mirror of
https://github.com/rd-stuffs/msm-4.14.git
synced 2025-02-20 11:45:48 +08:00
1775 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Aleksander Morgado
|
c7c24046c8 |
net: usb: qmi_wwan: add support for DW5821e with eSIM support
[ Upstream commit e497df686e8fed8c1dd69179010656362858edb3 ] Exactly same layout as the default DW5821e module, just a different vid/pid. The QMI interface is exposed in USB configuration #1: P: Vendor=413c ProdID=81e0 Rev=03.18 S: Manufacturer=Dell Inc. S: Product=DW5821e-eSIM Snapdragon X20 LTE S: SerialNumber=0123456789ABCDEF C: #Ifs= 6 Cfg#= 1 Atr=a0 MxPwr=500mA I: If#=0x0 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=ff Driver=qmi_wwan I: If#=0x1 Alt= 0 #EPs= 1 Cls=03(HID ) Sub=00 Prot=00 Driver=usbhid I: If#=0x2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option I: If#=0x3 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option I: If#=0x4 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option I: If#=0x5 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=option Signed-off-by: Aleksander Morgado <aleksander@aleksander.es> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Oliver Neukum
|
0a94a5d5bb |
CDC-NCM: handle incomplete transfer of MTU
[ Upstream commit 332f989a3b0041b810836c5c3747e59aad7e9d0b ] A malicious device may give half an answer when asked for its MTU. The driver will proceed after this with a garbage MTU. Anything but a complete answer must be treated as an error. V2: used sizeof as request by Alexander Reported-and-tested-by: syzbot+0631d878823ce2411636@syzkaller.appspotmail.com Signed-off-by: Oliver Neukum <oneukum@suse.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Kazutoshi Noguchi
|
adea9fd3b1 |
r8152: add device id for Lenovo ThinkPad USB-C Dock Gen 2
[ Upstream commit b3060531979422d5bb18d80226f978910284dc70 ] This device is sold as 'ThinkPad USB-C Dock Gen 2 (40AS)'. Chipset is RTL8153 and works with r8152. Without this, the generic cdc_ether grabs the device, and the device jam connected networks up when the machine suspends. Signed-off-by: Kazutoshi Noguchi <noguchi.kazutosi@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Andrew Lunn
|
03a7095930 |
net: usb: lan78xx: Connect PHY before registering MAC
[ Upstream commit 38b4fe320119859c11b1dc06f6b4987a16344fa1 ]
As soon as the netdev is registers, the kernel can start using the
interface. If the driver connects the MAC to the PHY after the netdev
is registered, there is a race condition where the interface can be
opened without having the PHY connected.
Change the order to close this race condition.
Fixes: 92571a1aae40 ("lan78xx: Connect phy early")
Reported-by: Daniel Wagner <dwagner@suse.de>
Signed-off-by: Andrew Lunn <andrew@lunn.ch>
Tested-by: Daniel Wagner <dwagner@suse.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
Valentin Vidic
|
18efc2e388 |
net: usb: sr9800: fix uninitialized local variable
commit 77b6d09f4ae66d42cd63b121af67780ae3d1a5e9 upstream. Make sure res does not contain random value if the call to sr_read_cmd fails for some reason. Reported-by: syzbot+f1842130bbcfb335bac1@syzkaller.appspotmail.com Signed-off-by: Valentin Vidic <vvidic@valentin-vidic.from.hr> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
qctecmdr
|
f537590775 | Merge "net: usb: ax88179: Change to check if the packets are coming from gsb" | ||
Kai-Heng Feng
|
e74a4dc8f2 |
r8152: Set macpassthru in reset_resume callback
[ Upstream commit a54cdeeb04fc719e4c7f19d6e28dba7ea86cee5b ] r8152 may fail to establish network connection after resume from system suspend. If the USB port connects to r8152 lost its power during system suspend, the MAC address was written before is lost. The reason is that The MAC address doesn't get written again in its reset_resume callback. So let's set MAC address again in reset_resume callback. Also remove unnecessary lock as no other locking attempt will happen during reset_resume. Signed-off-by: Kai-Heng Feng <kai.heng.feng@canonical.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
Mohammed Javid
|
d2c81d6a69 |
net: usb: ax88179: Change to check if the packets are coming from gsb
Packets from gsb are cloned packets, which has been done to optimize the dl data path. The check for cloned skb calls pskb_expand_head which gives penalty in the throughput. GSB driver data path does not consume the skb so, reallocation of skb is not necessary here. For that reason the check for all packets from gsb is introduced here. This check improves the throughput to about 150 Mbps. Change-Id: Ic1d7cc9c94605f1902ba212aac52d535d0ff84a7 Acked-by: Rishav LNU <rna@qti.qualcomm.com> Signed-off-by: Mohammed Javid <mjavid@codeaurora.org> |
||
Blagovest Kolenichev
|
d64e0d142b |
Merge android-4.14-q.148 (6d671bf) into msm-4.14
* refs/heads/tmp-6d671bf: Linux 4.14.148 kexec: bail out upon SIGKILL when allocating memory. NFC: fix attrs checks in netlink interface smack: use GFP_NOFS while holding inode_smack::smk_lock Smack: Don't ignore other bprm->unsafe flags if LSM_UNSAFE_PTRACE is set ipv6: Handle missing host route in __ipv6_ifa_notify sch_cbq: validate TCA_CBQ_WRROPT to avoid crash tipc: fix unlimited bundling of small messages xen-netfront: do not use ~0U as error return value for xennet_fill_frags() net/rds: Fix error handling in rds_ib_add_one() vsock: Fix a lockdep warning in __vsock_release() sch_dsmark: fix potential NULL deref in dsmark_init() qmi_wwan: add support for Cinterion CLS8 devices nfc: fix memory leak in llcp_sock_bind() net: Unpublish sk from sk_reuseport_cb before call_rcu net: qlogic: Fix memory leak in ql_alloc_large_buffers net: ipv4: avoid mixed n_redirects and rate_tokens usage ipv6: drop incoming packets having a v4mapped source address hso: fix NULL-deref on tty open erspan: remove the incorrect mtu limit for erspan cxgb4:Fix out-of-bounds MSI-X info array access bpf: fix use after free in prog symbol exposure kmemleak: increase DEBUG_KMEMLEAK_EARLY_LOG_SIZE default to 16K ocfs2: wait for recovering done after direct unlock request kbuild: clean compressed initramfs image hypfs: Fix error number left in struct pointer member pktcdvd: remove warning on attempting to register non-passthrough dev fat: work around race with userspace's read via blockdev while mounting ARM: 8903/1: ensure that usable memory in bank 0 starts from a PMD-aligned address security: smack: Fix possible null-pointer dereferences in smack_socket_sock_rcv_skb() PCI: exynos: Propagate errors for optional PHYs PCI: imx6: Propagate errors for optional regulators PCI: rockchip: Propagate errors for optional regulators HID: apple: Fix stuck function keys when using FN rtc: snvs: fix possible race condition ARM: 8898/1: mm: Don't treat faults reported from cache maintenance as writes livepatch: Nullify obj->mod in klp_module_coming()'s error path PCI: tegra: Fix OF node reference leak mfd: intel-lpss: Remove D3cold delay i2c-cht-wc: Fix lockdep warning MIPS: tlbex: Explicitly cast _PAGE_NO_EXEC to a boolean dma-buf/sw_sync: Synchronize signal vs syncpt free scsi: core: Reduce memory required for SCSI logging clk: at91: select parent if main oscillator or bypass is enabled arm64: fix unreachable code issue with cmpxchg powerpc/pseries: correctly track irq state in default idle powerpc/64s/exception: machine check use correct cfar for late handler drm/amdgpu/si: fix ASIC tests drm/nouveau/volt: Fix for some cards having 0 maximum voltage vfio_pci: Restore original state on release pinctrl: tegra: Fix write barrier placement in pmx_writel powerpc/pseries/mobility: use cond_resched when updating device tree powerpc/futex: Fix warning: 'oldval' may be used uninitialized in this function powerpc/rtas: use device model APIs and serialization during LPM powerpc/xmon: Check for HV mode when dumping XIVE info from OPAL clk: zx296718: Don't reference clk_init_data after registration clk: sirf: Don't reference clk_init_data after registration clk: sunxi-ng: v3s: add missing clock slices for MMC2 module clocks clk: qoriq: Fix -Wunused-const-variable ipmi_si: Only schedule continuously in the thread in maintenance mode gpu: drm: radeon: Fix a possible null-pointer dereference in radeon_connector_set_property() drm/radeon: Fix EEH during kexec drm/stm: attach gem fence to atomic state video: ssd1307fb: Start page range at page_offset drm/panel: simple: fix AUO g185han01 horizontal blanking drm/bridge: tc358767: Increase AUX transfer length limit tpm: Fix TPM 1.2 Shutdown sequence to prevent future TPM operations tpm: use tpm_try_get_ops() in tpm-sysfs.c. tpm: migrate pubek_show to struct tpm_buf Change-Id: Ibd1faaa8b3535135d8d72fb76a157b459cb9957c Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org> |
||
|
Blagovest Kolenichev
|
fbbfccc5a5 |
Merge android-4.14-q.147 (5c8d069) into msm-4.14
* refs/heads/tmp-5c8d069:
Revert "net: qrtr: Stop rx_worker before freeing node"
Linux 4.14.147
Btrfs: fix race setting up and completing qgroup rescan workers
btrfs: qgroup: Drop quota_root and fs_info parameters from update_qgroup_status_item
mm/compaction.c: clear total_{migrate,free}_scanned before scanning a new zone
md/raid0: avoid RAID0 data corruption due to layout confusion.
CIFS: Fix oplock handling for SMB 2.1+ protocols
CIFS: fix max ea value size
i2c: riic: Clear NACK in tend isr
hwrng: core - don't wait on add_early_randomness()
quota: fix wrong condition in is_quota_modification()
ext4: fix punch hole for inline_data file systems
ext4: fix warning inside ext4_convert_unwritten_extents_endio
/dev/mem: Bail out upon SIGKILL.
cfg80211: Purge frame registrations on iftype change
md: only call set_in_sync() when it is expected to succeed.
md: don't report active array_state until after revalidate_disk() completes.
md/raid6: Set R5_ReadError when there is read failure on parity disk
btrfs: qgroup: Fix the wrong target io_tree when freeing reserved data space
btrfs: Relinquish CPUs in btrfs_compare_trees
Btrfs: fix use-after-free when using the tree modification log
ovl: filter of trusted xattr results in audit
memcg, kmem: do not fail __GFP_NOFAIL charges
memcg, oom: don't require __GFP_FS when invoking memcg OOM killer
gfs2: clear buf_in_tr when ending a transaction in sweep_bh_for_rgrps
regulator: Defer init completion for a while after late_initcall
alarmtimer: Use EOPNOTSUPP instead of ENOTSUPP
arm64: dts: rockchip: limit clock rate of MMC controllers for RK3328
ARM: zynq: Use memcpy_toio instead of memcpy on smp bring-up
ARM: samsung: Fix system restart on S3C6410
ASoC: Intel: Fix use of potentially uninitialized variable
ASoC: Intel: Skylake: Use correct function to access iomem space
ASoC: Intel: NHLT: Fix debug print format
binfmt_elf: Do not move brk for INTERP-less ET_EXEC
media: sn9c20x: Add MSI MS-1039 laptop to flip_dmi_table
KVM: x86: Manually calculate reserved bits when loading PDPTRS
KVM: x86: set ctxt->have_exception in x86_decode_insn()
KVM: x86: always stop emulation on page fault
x86/retpolines: Fix up backport of a9d57ef15cbe
parisc: Disable HP HSC-PCI Cards to prevent kernel crash
fuse: fix missing unlock_page in fuse_writepage()
ALSA: hda/realtek - Fixup mute led on HP Spectre x360
randstruct: Check member structs in is_pure_ops_struct()
IB/hfi1: Define variables as unsigned long to fix KASAN warning
printk: Do not lose last line in kmsg buffer dump
scsi: scsi_dh_rdac: zero cdb in send_mode_select()
ALSA: firewire-tascam: check intermediate state of clock status and retry
ALSA: firewire-tascam: handle error code when getting current source of clock
PM / devfreq: passive: fix compiler warning
media: omap3isp: Set device on omap3isp subdevs
btrfs: extent-tree: Make sure we only allocate extents from block groups with the same type
ALSA: hda/realtek - Blacklist PC beep for Lenovo ThinkCentre M73/93
media: ttusb-dec: Fix info-leak in ttusb_dec_send_command()
drm/amd/powerplay/smu7: enforce minimal VBITimeout (v2)
ALSA: hda - Drop unsol event handler for Intel HDMI codecs
e1000e: add workaround for possible stalled packet
libertas: Add missing sentinel at end of if_usb.c fw_table
raid5: don't increment read_errors on EILSEQ return
mmc: sdhci: Fix incorrect switch to HS mode
mmc: core: Clarify sdio_irq_pending flag for MMC_CAP2_SDIO_IRQ_NOTHREAD
raid5: don't set STRIPE_HANDLE to stripe which is in batch list
ASoC: dmaengine: Make the pcm->name equal to pcm->id if the name is not set
s390/crypto: xts-aes-s390 fix extra run-time crypto self tests finding
kprobes: Prohibit probing on BUG() and WARN() address
dmaengine: ti: edma: Do not reset reserved paRAM slots
md/raid1: fail run raid1 array when active disk less than one
hwmon: (acpi_power_meter) Change log level for 'unsafe software power cap'
ACPI / PCI: fix acpi_pci_irq_enable() memory leak
ACPI: custom_method: fix memory leaks
ARM: dts: exynos: Mark LDO10 as always-on on Peach Pit/Pi Chromebooks
libtraceevent: Change users plugin directory
iommu/iova: Avoid false sharing on fq_timer_on
iommu/amd: Silence warnings under memory pressure
nvmet: fix data units read and written counters in SMART log
arm64: kpti: ensure patched kernel text is fetched from PoU
ACPI / CPPC: do not require the _PSD method
ASoC: es8316: fix headphone mixer volume table
media: ov9650: add a sanity check
perf trace beauty ioctl: Fix off-by-one error in cmd->string table
media: saa7134: fix terminology around saa7134_i2c_eeprom_md7134_gate()
media: cpia2_usb: fix memory leaks
media: saa7146: add cleanup in hexium_attach()
media: cec-notifier: clear cec_adap in cec_notifier_unregister
PM / devfreq: exynos-bus: Correct clock enable sequence
PM / devfreq: passive: Use non-devm notifiers
EDAC/amd64: Decode syndrome before translating address
EDAC/amd64: Recognize DRAM device type ECC capability
libperf: Fix alignment trap with xyarray contents in 'perf stat'
media: dvb-core: fix a memory leak bug
nbd: add missing config put
media: hdpvr: add terminating 0 at end of string
media: radio/si470x: kill urb on error
ARM: dts: imx7d: cl-som-imx7: make ethernet work again
net: lpc-enet: fix printk format strings
media: imx: mipi csi-2: Don't fail if initial state times-out
media: omap3isp: Don't set streaming state on random subdevs
media: i2c: ov5645: Fix power sequence
perf record: Support aarch64 random socket_id assignment
dmaengine: iop-adma: use correct printk format strings
media: rc: imon: Allow iMON RC protocol for ffdc 7e device
media: fdp1: Reduce FCP not found message level to debug
media: mtk-mdp: fix reference count on old device tree
perf test vfs_getname: Disable ~/.perfconfig to get default output
media: gspca: zero usb_buf on error
sched/fair: Use rq_lock/unlock in online_fair_sched_group
efi: cper: print AER info of PCIe fatal error
EDAC, pnd2: Fix ioremap() size in dnv_rd_reg()
ACPI / processor: don't print errors for processorIDs == 0xff
md: don't set In_sync if array is frozen
md: don't call spare_active in md_reap_sync_thread if all member devices can't work
md/raid1: end bio when the device faulty
ASoC: rsnd: don't call clk_get_rate() under atomic context
EDAC/altera: Use the proper type for the IRQ status bits
ia64:unwind: fix double free for mod->arch.init_unw_table
ALSA: usb-audio: Skip bSynchAddress endpoint check if it is invalid
base: soc: Export soc_device_register/unregister APIs
media: iguanair: add sanity checks
EDAC/mc: Fix grain_bits calculation
ALSA: i2c: ak4xxx-adda: Fix a possible null pointer dereference in build_adc_controls()
ALSA: hda - Show the fatal CORB/RIRB error more clearly
x86/apic: Soft disable APIC before initializing it
x86/reboot: Always use NMI fallback when shutdown via reboot vector IPI fails
sched/core: Fix CPU controller for !RT_GROUP_SCHED
sched/fair: Fix imbalance due to CPU affinity
media: i2c: ov5640: Check for devm_gpiod_get_optional() error
media: hdpvr: Add device num check and handling
media: exynos4-is: fix leaked of_node references
media: mtk-cir: lower de-glitch counter for rc-mm protocol
media: dib0700: fix link error for dibx000_i2c_set_speed
leds: leds-lp5562 allow firmware files up to the maximum length
dmaengine: bcm2835: Print error in case setting DMA mask fails
ASoC: sgtl5000: Fix charge pump source assignment
regulator: lm363x: Fix off-by-one n_voltages for lm3632 ldo_vpos/ldo_vneg
ALSA: hda: Flush interrupts on disabling
nfc: enforce CAP_NET_RAW for raw sockets
ieee802154: enforce CAP_NET_RAW for raw sockets
ax25: enforce CAP_NET_RAW for raw sockets
appletalk: enforce CAP_NET_RAW for raw sockets
mISDN: enforce CAP_NET_RAW for raw sockets
net/mlx5: Add device ID of upcoming BlueField-2
usbnet: sanity checking of packet sizes and device mtu
usbnet: ignore endpoints with invalid wMaxPacketSize
skge: fix checksum byte order
sch_netem: fix a divide by zero in tabledist()
ppp: Fix memory leak in ppp_write
openvswitch: change type of UPCALL_PID attribute to NLA_UNSPEC
net_sched: add max len check for TCA_KIND
net/sched: act_sample: don't push mac header on ip6gre ingress
net: qrtr: Stop rx_worker before freeing node
net/phy: fix DP83865 10 Mbps HDX loopback disable function
macsec: drop skb sk before calling gro_cells_receive
cdc_ncm: fix divide-by-zero caused by invalid wMaxPacketSize
arcnet: provide a buffer big enough to actually receive packets
f2fs: use generic EFSBADCRC/EFSCORRUPTED
Bluetooth: btrtl: Additional Realtek 8822CE Bluetooth devices
xfs: don't crash on null attr fork xfs_bmapi_read
ACPI: video: Add new hw_changes_brightness quirk, set it on PB Easynote MZ35
net: don't warn in inet diag when IPV6 is disabled
drm: Flush output polling on shutdown
f2fs: fix to do sanity check on segment bitmap of LFS curseg
dm zoned: fix invalid memory access
Revert "f2fs: avoid out-of-range memory access"
blk-mq: move cancel of requeue_work to the front of blk_exit_queue
PCI: hv: Avoid use of hv_pci_dev->pci_slot after freeing it
f2fs: check all the data segments against all node ones
irqchip/gic-v3-its: Fix LPI release for Multi-MSI devices
locking/lockdep: Add debug_locks check in __lock_downgrade()
power: supply: sysfs: ratelimit property read error message
pinctrl: sprd: Use define directive for sprd_pinconf_params values
objtool: Clobber user CFLAGS variable
ALSA: hda - Apply AMD controller workaround for Raven platform
ALSA: hda - Add laptop imic fixup for ASUS M9V laptop
arm64: kpti: Whitelist Cortex-A CPUs that don't implement the CSV3 field
ASoC: fsl: Fix of-node refcount unbalance in fsl_ssi_probe_from_dt()
media: tvp5150: fix switch exit in set control handler
iwlwifi: mvm: send BCAST management frames to the right station
crypto: talitos - fix missing break in switch statement
mtd: cfi_cmdset_0002: Use chip_good() to retry in do_write_oneword()
HID: hidraw: Fix invalid read in hidraw_ioctl
HID: logitech: Fix general protection fault caused by Logitech driver
HID: sony: Fix memory corruption issue on cleanup.
HID: prodikeys: Fix general protection fault during probe
IB/core: Add an unbound WQ type to the new CQ API
objtool: Query pkg-config for libelf location
powerpc/xive: Fix bogus error code returned by OPAL
Revert "Bluetooth: validate BLE connection interval updates"
Conflicts:
drivers/mmc/core/sdio_irq.c
fs/f2fs/data.c
fs/f2fs/f2fs.h
fs/f2fs/inode.c
Change-Id: I757f54737e4d58319f2866f687a39123f0889e1e
Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org>
|
||
Reinhard Speyerer
|
af849a18cd |
qmi_wwan: add support for Cinterion CLS8 devices
[ Upstream commit cf74ac6db25d4002089e85cc623ad149ecc25614 ] Add support for Cinterion CLS8 devices. Use QMI_QUIRK_SET_DTR as required for Qualcomm MDM9x07 chipsets. T: Bus=01 Lev=03 Prnt=05 Port=01 Cnt=02 Dev#= 25 Spd=480 MxCh= 0 D: Ver= 2.00 Cls=00(>ifc ) Sub=00 Prot=00 MxPS=64 #Cfgs= 1 P: Vendor=1e2d ProdID=00b0 Rev= 3.18 S: Manufacturer=GEMALTO S: Product=USB Modem C:* #Ifs= 5 Cfg#= 1 Atr=80 MxPwr=500mA I:* If#= 0 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=42 Prot=01 Driver=(none) E: Ad=01(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=81(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms I:* If#= 1 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option E: Ad=83(I) Atr=03(Int.) MxPS= 10 Ivl=32ms E: Ad=82(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=02(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms I:* If#= 2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option E: Ad=85(I) Atr=03(Int.) MxPS= 10 Ivl=32ms E: Ad=84(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=03(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms I:* If#= 3 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option E: Ad=87(I) Atr=03(Int.) MxPS= 10 Ivl=32ms E: Ad=86(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=04(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms I:* If#= 4 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=ff Driver=qmi_wwan E: Ad=89(I) Atr=03(Int.) MxPS= 8 Ivl=32ms E: Ad=88(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=05(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms Signed-off-by: Reinhard Speyerer <rspmn@arcor.de> Acked-by: Bjørn Mork <bjorn@mork.no> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Johan Hovold
|
78c014433c |
hso: fix NULL-deref on tty open
[ Upstream commit 8353da9fa69722b54cba82b2ec740afd3d438748 ]
Fix NULL-pointer dereference on tty open due to a failure to handle a
missing interrupt-in endpoint when probing modem ports:
BUG: kernel NULL pointer dereference, address: 0000000000000006
...
RIP: 0010:tiocmget_submit_urb+0x1c/0xe0 [hso]
...
Call Trace:
hso_start_serial_device+0xdc/0x140 [hso]
hso_serial_open+0x118/0x1b0 [hso]
tty_open+0xf1/0x490
Fixes: 542f54823614 ("tty: Modem functions for the HSO driver")
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Oliver Neukum
|
ff7bcdb6a1 |
usbnet: sanity checking of packet sizes and device mtu
[ Upstream commit 280ceaed79f18db930c0cc8bb21f6493490bf29c ] After a reset packet sizes and device mtu can change and need to be reevaluated to calculate queue sizes. Malicious devices can set this to zero and we divide by it. Introduce sanity checking. Reported-and-tested-by: syzbot+6102c120be558c885f04@syzkaller.appspotmail.com Signed-off-by: Oliver Neukum <oneukum@suse.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Bjørn Mork
|
6c95f6a3c9 |
usbnet: ignore endpoints with invalid wMaxPacketSize
[ Upstream commit 8d3d7c2029c1b360f1a6b0a2fca470b57eb575c0 ] Endpoints with zero wMaxPacketSize are not usable for transferring data. Ignore such endpoints when looking for valid in, out and status pipes, to make the drivers more robust against invalid and meaningless descriptors. The wMaxPacketSize of these endpoints are used for memory allocations and as divisors in many usbnet minidrivers. Avoiding zero is therefore critical. Signed-off-by: Bjørn Mork <bjorn@mork.no> Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Bjørn Mork
|
27febbf1fb |
cdc_ncm: fix divide-by-zero caused by invalid wMaxPacketSize
[ Upstream commit 3fe4b3351301660653a2bc73f2226da0ebd2b95e ] Endpoints with zero wMaxPacketSize are not usable for transferring data. Ignore such endpoints when looking for valid in, out and status pipes, to make the driver more robust against invalid and meaningless descriptors. The wMaxPacketSize of the out pipe is used as divisor. So this change fixes a divide-by-zero bug. Reported-by: syzbot+ce366e2b8296e25d84f5@syzkaller.appspotmail.com Signed-off-by: Bjørn Mork <bjorn@mork.no> Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Blagovest Kolenichev
|
3b572c9bfa |
Merge android-4.14-q.146 (a3d6259) into msm-4.14
* refs/heads/tmp-a3d6259:
Linux 4.14.146
media: technisat-usb2: break out of loop at end of buffer
tcp: Don't dequeue SYN/FIN-segments from write-queue
tcp: Reset send_head when removing skb from write-queue
binfmt_elf: move brk out of mmap when doing direct loader exec
floppy: fix usercopy direction
PCI: kirin: Fix section mismatch warning
iommu/amd: Fix race in increase_address_space()
iommu/amd: Flush old domains in kdump kernel
keys: Fix missing null pointer check in request_key_auth_describe()
x86/hyper-v: Fix overflow bug in fill_gva_list()
x86/uaccess: Don't leak the AC flags into __get_user() argument evaluation
dmaengine: ti: omap-dma: Add cleanup in omap_dma_probe()
dmaengine: ti: dma-crossbar: Fix a memory leak bug
net: seeq: Fix the function used to release some memory in an error handling path
tools/power turbostat: fix buffer overrun
tools/power x86_energy_perf_policy: Fix argument parsing
tools/power x86_energy_perf_policy: Fix "uninitialized variable" warnings at -O2
amd-xgbe: Fix error path in xgbe_mod_init()
perf/x86/amd/ibs: Fix sample bias for dispatched micro-ops
perf/x86/intel: Restrict period on Nehalem
i2c: designware: Synchronize IRQs when unregistering slave client
sky2: Disable MSI on yet another ASUS boards (P6Xxxx)
ARM: 8901/1: add a criteria for pfn_valid of arm
cifs: Use kzfree() to zero out the password
cifs: set domainName when a domain-key is used in multiuser
kallsyms: Don't let kallsyms_lookup_size_offset() fail on retrieving the first symbol
NFSv2: Fix write regression
NFSv2: Fix eof handling
netfilter: nf_conntrack_ftp: Fix debug output
x86/apic: Fix arch_dynirq_lower_bound() bug for DT enabled machines
r8152: Set memory to all 0xFFs on failed reg reads
batman-adv: Only read OGM2 tvlv_len after buffer len check
ARM: 8874/1: mm: only adjust sections of valid mm structures
qed: Add cleanup in qed_slowpath_start()
Kconfig: Fix the reference to the IDT77105 Phy driver in the description of ATM_NICSTAR_USE_IDT77105
NFS: Fix initialisation of I/O result struct in nfs_pgio_rpcsetup
NFSv4: Fix return value in nfs_finish_open()
NFSv4: Fix return values for nfs4_file_open()
netfilter: xt_nfacct: Fix alignment mismatch in xt_nfacct_match_info
fpga: altera-ps-spi: Fix getting of optional confd gpio
s390/bpf: use 32-bit index for tail calls
ARM: dts: dra74x: Fix iodelay configuration for mmc3
ARM: OMAP2+: Fix omap4 errata warning on other SoCs
s390/bpf: fix lcgr instruction encoding
ARM: OMAP2+: Fix missing SYSC_HAS_RESET_STATUS for dra7 epwmss
nl80211: Fix possible Spectre-v1 for CQM RSSI thresholds
mwifiex: Fix three heap overflow at parsing element in cfg80211_ap_settings
tty/serial: atmel: reschedule TX after RX was started
serial: sprd: correct the wrong sequence of arguments
firmware: google: check if size is valid when decoding VPD data
KVM: coalesced_mmio: add bounds checking
net_sched: let qdisc_put() accept NULL pointer
xen-netfront: do not assume sk_buff_head list is empty in error handling
media: tm6000: double free if usb disconnect while streaming
phy: renesas: rcar-gen3-usb2: Disable clearing VBUS in over-current
USB: usbcore: Fix slab-out-of-bounds bug during device reset
powerpc/mm/radix: Use the right page size for vmemmap mapping
Input: elan_i2c - remove Lenovo Legion Y7000 PnpID
HID: wacom: generic: read HID_DG_CONTACTMAX from any feature report
ANDROID: regression introduced override_creds=off
Linux 4.14.145
x86/build: Add -Wnoaddress-of-packed-member to REALMODE_CFLAGS, to silence GCC9 build warning
nvmem: Use the same permissions for eeprom as for nvmem
platform/x86: pmc_atom: Add CB4063 Beckhoff Automation board to critclk_systems DMI table
Revert "Bluetooth: btusb: driver to enable the usb-wakeup feature"
drm/mediatek: mtk_drm_drv.c: Add of_node_put() before goto
firmware: ti_sci: Always request response from firmware
crypto: talitos - HMAC SNOOP NO AFEU mode requires SW icv checking.
crypto: talitos - Do not modify req->cryptlen on decryption.
crypto: talitos - fix ECB algs ivsize
crypto: talitos - check data blocksize in ablkcipher.
crypto: talitos - fix CTR alg blocksize
crypto: talitos - check AES key size
driver core: Fix use-after-free and double free on glue directory
ubifs: Correctly use tnc_next() in search_dh_cookie()
PCI: Always allow probing with driver_override
mtd: rawnand: mtk: Fix wrongly assigned OOB buffer pointer issue
clk: rockchip: Don't yell about bad mmc phases when getting
drm/meson: Add support for XBGR8888 & ABGR8888 formats
powerpc: Add barrier_nospec to raw_copy_in_user()
MIPS: VDSO: Use same -m%-float cflag as the kernel proper
MIPS: VDSO: Prevent use of smp_processor_id()
KVM: nVMX: handle page fault in vmread
KVM: x86: work around leak of uninitialized stack contents
KVM: s390: Do not leak kernel stack data in the KVM_S390_INTERRUPT ioctl
genirq: Prevent NULL pointer dereference in resend_irqs()
Btrfs: fix assertion failure during fsync and use of stale transaction
gpio: fix line flag validation in lineevent_create
gpio: fix line flag validation in linehandle_create
gpiolib: acpi: Add gpiolib_acpi_run_edge_events_on_boot option and blacklist
Revert "MIPS: SiByte: Enable swiotlb for SWARM, LittleSur and BigSur"
btrfs: correctly validate compression type
btrfs: compression: add helper for type to string conversion
tun: fix use-after-free when register netdev failed
tipc: add NULL pointer check before calling kfree_rcu
tcp: fix tcp_ecn_withdraw_cwr() to clear TCP_ECN_QUEUE_CWR
sctp: use transport pf_retrans in sctp_do_8_2_transport_strike
sctp: Fix the link time qualifier of 'sctp_ctrlsock_exit()'
sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero
net: phylink: Fix flow control resolution
net: gso: Fix skb_segment splat when splitting gso_size mangled skb having linear-headed frag_list
net: Fix null de-reference of device refcount
isdn/capi: check message length in capi_write()
ipv6: Fix the link time qualifier of 'ping_v6_proc_exit_net()'
cdc_ether: fix rndis support for Mediatek based smartphones
bridge/mdb: remove wrong use of NLM_F_MULTI
Linux 4.14.144
vhost: make sure log_num < in_num
kernel/module: Fix mem leak in module_add_modinfo_attrs
clk: s2mps11: Add used attribute to s2mps11_dt_match
scripts/decode_stacktrace: match basepath using shell prefix operator, not regex
arm64: dts: rockchip: enable usb-host regulators at boot on rk3328-rock64
powerpc/64: mark start_here_multiplatform as __ref
hv_sock: Fix hang when a connection is closed
batman-adv: Only read OGM tvlv_len after buffer len check
batman-adv: fix uninit-value in batadv_netlink_get_ifindex()
vhost/test: fix build for vhost test
PCI: dra7xx: Fix legacy INTD IRQ handling
PCI: designware-ep: Fix find_first_zero_bit() usage
ip6: fix skb leak in ip6frag_expire_frag_queue()
xfrm: clean up xfrm protocol checks
powerpc/tm: Fix FP/VMX unavailable exceptions inside a transaction
drm/vmwgfx: Fix double free in vmw_recv_msg()
sched/fair: Don't assign runtime for throttled cfs_rq
ALSA: hda/realtek - Fix the problem of two front mics on a ThinkCentre
ALSA: hda/realtek - Fix overridden device-specific initialization
ALSA: hda - Fix potential endless loop at applying quirks
Linux 4.14.143
x86/boot: Preserve boot_params.secure_boot from sanitizing
mld: fix memory leak in mld_del_delrec()
net: sched: act_sample: fix psample group handling on overwrite
tcp: remove empty skb from write queue in error cases
tcp: inherit timestamp on mtu probe
net: stmmac: dwmac-rk: Don't fail if phy regulator is absent
net_sched: fix a NULL pointer deref in ipt action
net: fix skb use after free in netpoll
Revert "x86/apic: Include the LDR when clearing out APIC registers"
spi: bcm2835aux: fix corruptions for longer spi transfers
spi: bcm2835aux: remove dangerous uncontrolled read of fifo
spi: bcm2835aux: unifying code between polling and interrupt driven code
libceph: allow ceph_buffer_put() to receive a NULL ceph_buffer
KVM: arm/arm64: Only skip MMIO insn once
ceph: fix buffer free while holding i_ceph_lock in fill_inode()
ceph: fix buffer free while holding i_ceph_lock in __ceph_build_xattrs_blob()
ceph: fix buffer free while holding i_ceph_lock in __ceph_setxattr()
IB/mlx4: Fix memory leaks
Tools: hv: kvp: eliminate 'may be used uninitialized' warning
Input: hyperv-keyboard: Use in-place iterator API in the channel callback
HID: cp2112: prevent sleeping function called from invalid context
kprobes: Fix potential deadlock in kprobe_optimizer()
ravb: Fix use-after-free ravb_tstamp_skb
wimax/i2400m: fix a memory leak bug
net: kalmia: fix memory leaks
cx82310_eth: fix a memory leak bug
vfs: fix page locking deadlocks when deduping files
lan78xx: Fix memory leaks
net: myri10ge: fix memory leaks
liquidio: add cleanup in octeon_setup_iq()
cxgb4: fix a memory leak bug
drm/mediatek: set DMA max segment size
drm/mediatek: use correct device to import PRIME buffers
gpio: Fix build error of function redefinition
ibmveth: Convert multicast list size for little-endian system
Bluetooth: btqca: Add a short delay before downloading the NVM
net: tc35815: Explicitly check NET_IP_ALIGN is not zero in tc35815_rx
hv_netvsc: Fix a warning of suspicious RCU usage
net: tundra: tsi108: use spin_lock_irqsave instead of spin_lock_irq in IRQ context
Linux 4.14.142
Revert "ASoC: Fail card instantiation if DAI format setup fails"
x86/ptrace: fix up botched merge of spectrev1 fix
i2c: piix4: Fix port selection for AMD Family 16h Model 30h
NFS: Ensure O_DIRECT reports an error if the bytes read/written is 0
NFS: Pass error information to the pgio error cleanup routine
NFSv4/pnfs: Fix a page lock leak in nfs_pageio_resend()
NFS: Clean up list moves of struct nfs_page
KVM: arm/arm64: vgic-v2: Handle SGI bits in GICD_I{S,C}PENDR0 as WI
KVM: arm/arm64: vgic: Fix potential deadlock when ap_list is long
KVM: PPC: Book3S: Fix incorrect guest-to-user-translation error handling
mac80211: fix possible sta leak
Revert "cfg80211: fix processing world regdomain when non modular"
crypto: ccp - Ignore unconfigured CCP device on suspend/resume
VMCI: Release resource if the work is already queued
drm/i915: Don't deballoon unused ggtt drm_mm_node in linux guest
intel_th: pci: Add Tiger Lake support
intel_th: pci: Add support for another Lewisburg PCH
stm class: Fix a double free of stm_source_device
mmc: core: Fix init of SD cards reporting an invalid VDD range
mmc: sdhci-of-at91: add quirk for broken HS200
uprobes/x86: Fix detection of 32-bit user mode
USB: storage: ums-realtek: Whitelist auto-delink support
USB: storage: ums-realtek: Update module parameter description for auto_delink_en
usb: host: xhci: rcar: Fix typo in compatible string matching
usb: host: ohci: fix a race condition between shutdown and irq
usb: chipidea: udc: don't do hardware access if gadget has stopped
USB: cdc-wdm: fix race between write and disconnect due to flag abuse
usb-storage: Add new JMS567 revision to unusual_devs
ftrace: Check for empty hash and comment the race with registering probes
ftrace: Check for successful allocation of hash
ftrace: Fix NULL pointer dereference in t_probe_next()
x86/apic: Include the LDR when clearing out APIC registers
x86/apic: Do not initialize LDR and DFR for bigsmp
KVM: x86: Don't update RIP or do single-step on faulting emulation
kvm: x86: skip populating logical dest map if apic is not sw enabled
ALSA: seq: Fix potential concurrent access to the deleted pool
ALSA: line6: Fix memory leak at line6_init_pcm() error path
mm/zsmalloc.c: fix build when CONFIG_COMPACTION=n
tcp: make sure EPOLLOUT wont be missed
net/smc: make sure EPOLLOUT is raised
ALSA: usb-audio: Fix an OOB bug in parse_audio_mixer_unit
ALSA: usb-audio: Fix a stack buffer overflow bug in check_input_term
tcp: fix tcp_rtx_queue_tail in case of empty retransmit queue
drm/tilcdc: Register cpufreq notifier after we have initialized crtc
scsi: ufs: Fix RX_TERMINATION_FORCE_ENABLE define value
drm/bridge: tfp410: fix memleak in get_modes()
watchdog: bcm2835_wdt: Fix module autoload
tools: hv: fix KVP and VSS daemons exit code
usb: host: fotg2: restart hcd after port reset
drm/ast: Fixed reboot test may cause system hanged
i2c: emev2: avoid race when unregistering slave client
i2c: rcar: avoid race when unregistering slave client
xen/blkback: fix memory leaks
usb: gadget: mass_storage: Fix races between fsg_disable and fsg_set_alt
usb: gadget: composite: Clear "suspended" on reset/disconnect
iommu/dma: Handle SG length overflow better
auxdisplay: panel: need to delete scan_timer when misc_register fails in panel_attach
dmaengine: ste_dma40: fix unneeded variable warning
ANDROID: sched: Disallow WALT with CFS bandwidth control
ANDROID: fiq_debugger: remove
Conflicts:
drivers/base/core.c
drivers/staging/android/fiq_debugger/fiq_debugger.c
drivers/usb/gadget/function/f_mass_storage.c
sound/usb/mixer.c
Change-Id: Ifae45fc2fc7e7a777d77faacc1b3b88e371097df
Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org>
|
||
Prashant Malani
|
2187e417a1 |
r8152: Set memory to all 0xFFs on failed reg reads
[ Upstream commit f53a7ad189594a112167efaf17ea8d0242b5ac00 ] get_registers() blindly copies the memory written to by the usb_control_msg() call even if the underlying urb failed. This could lead to junk register values being read by the driver, since some indirect callers of get_registers() ignore the return values. One example is: ocp_read_dword() ignores the return value of generic_ocp_read(), which calls get_registers(). So, emulate PCI "Master Abort" behavior by setting the buffer to all 0xFFs when usb_control_msg() fails. This patch is copied from the r8152 driver (v2.12.0) published by Realtek (www.realtek.com). Signed-off-by: Prashant Malani <pmalani@chromium.org> Acked-by: Hayes Wang <hayeswang@realtek.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Bjørn Mork
|
31c8200360 |
cdc_ether: fix rndis support for Mediatek based smartphones
[ Upstream commit 4d7ffcf3bf1be98d876c570cab8fc31d9fa92725 ]
A Mediatek based smartphone owner reports problems with USB
tethering in Linux. The verbose USB listing shows a rndis_host
interface pair (e0/01/03 + 10/00/00), but the driver fails to
bind with
[ 355.960428] usb 1-4: bad CDC descriptors
The problem is a failsafe test intended to filter out ACM serial
functions using the same 02/02/ff class/subclass/protocol as RNDIS.
The serial functions are recognized by their non-zero bmCapabilities.
No RNDIS function with non-zero bmCapabilities were known at the time
this failsafe was added. But it turns out that some Wireless class
RNDIS functions are using the bmCapabilities field. These functions
are uniquely identified as RNDIS by their class/subclass/protocol, so
the failing test can safely be disabled. The same applies to the two
types of Misc class RNDIS functions.
Applying the failsafe to Communication class functions only retains
the original functionality, and fixes the problem for the Mediatek based
smartphone.
Tow examples of CDC functional descriptors with non-zero bmCapabilities
from Wireless class RNDIS functions are:
0e8d:000a Mediatek Crosscall Spider X5 3G Phone
CDC Header:
bcdCDC 1.10
CDC ACM:
bmCapabilities 0x0f
connection notifications
sends break
line coding and serial state
get/set/clear comm features
CDC Union:
bMasterInterface 0
bSlaveInterface 1
CDC Call Management:
bmCapabilities 0x03
call management
use DataInterface
bDataInterface 1
and
19d2:1023 ZTE K4201-z
CDC Header:
bcdCDC 1.10
CDC ACM:
bmCapabilities 0x02
line coding and serial state
CDC Call Management:
bmCapabilities 0x03
call management
use DataInterface
bDataInterface 1
CDC Union:
bMasterInterface 0
bSlaveInterface 1
The Mediatek example is believed to apply to most smartphones with
Mediatek firmware. The ZTE example is most likely also part of a larger
family of devices/firmwares.
Suggested-by: Lars Melin <larsm17@gmail.com>
Signed-off-by: Bjørn Mork <bjorn@mork.no>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
Wenwen Wang
|
849922a81e |
net: kalmia: fix memory leaks
[ Upstream commit f1472cb09f11ddb41d4be84f0650835cb65a9073 ] In kalmia_init_and_get_ethernet_addr(), 'usb_buf' is allocated through kmalloc(). In the following execution, if the 'status' returned by kalmia_send_init_packet() is not 0, 'usb_buf' is not deallocated, leading to memory leaks. To fix this issue, add the 'out' label to free 'usb_buf'. Signed-off-by: Wenwen Wang <wenwen@cs.uga.edu> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Wenwen Wang
|
f51ddf3767 |
cx82310_eth: fix a memory leak bug
[ Upstream commit 1eca92eef18719027d394bf1a2d276f43e7cf886 ] In cx82310_bind(), 'dev->partial_data' is allocated through kmalloc(). Then, the execution waits for the firmware to become ready. If the firmware is not ready in time, the execution is terminated. However, the allocated 'dev->partial_data' is not deallocated on this path, leading to a memory leak bug. To fix this issue, free 'dev->partial_data' before returning the error. Signed-off-by: Wenwen Wang <wenwen@cs.uga.edu> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Wenwen Wang
|
c62760f0c6 |
lan78xx: Fix memory leaks
[ Upstream commit b9cbf8a64865b50fd0f4a3915fa00ac7365cdf8f ] In lan78xx_probe(), a new urb is allocated through usb_alloc_urb() and saved to 'dev->urb_intr'. However, in the following execution, if an error occurs, 'dev->urb_intr' is not deallocated, leading to memory leaks. To fix this issue, invoke usb_free_urb() to free the allocated urb before returning from the function. Signed-off-by: Wenwen Wang <wenwen@cs.uga.edu> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Blagovest Kolenichev
|
459ee51360 |
Merge android-4.14-q.141 (633520acd) into msm-4.14
* refs/heads/tmp-633520acd: Linux 4.14.141 Revert "perf test 6: Fix missing kvm module load for s390" powerpc: Allow flush_(inval_)dcache_range to work across ranges >4GB dm zoned: fix potential NULL dereference in dmz_do_reclaim() xfs: fix missing ILOCK unlock when xfs_setattr_nonsize fails due to EDQUOT mm/zsmalloc.c: fix race condition in zs_destroy_pool mm/zsmalloc.c: migration can leave pages in ZS_EMPTY indefinitely mm, page_owner: handle THP splits correctly genirq: Properly pair kobject_del() with kobject_add() dm zoned: properly handle backing device failure dm zoned: improve error handling in i/o map code dm zoned: improve error handling in reclaim dm table: fix invalid memory accesses with too high sector number dm space map metadata: fix missing store of apply_bops() return value dm btree: fix order of block initialization in btree_split_beneath dm kcopyd: always complete failed jobs x86/boot: Fix boot regression caused by bootparam sanitizing x86/boot: Save fields explicitly, zero out everything else x86/CPU/AMD: Clear RDRAND CPUID bit on AMD family 15h/16h x86/apic: Handle missing global clockevent gracefully x86/retpoline: Don't clobber RFLAGS during CALL_NOSPEC on i386 userfaultfd_release: always remove uffd flags and clear vm_userfaultfd_ctx gpiolib: never report open-drain/source lines as 'input' to user-space drm/nouveau: Don't retry infinitely when receiving no data on i2c over AUX libceph: fix PG split vs OSD (re)connect race ceph: don't try fill file_lock on unsuccessful GETFILELOCK reply Revert "dm bufio: fix deadlock with loop device" HID: wacom: Correct distance scale for 2nd-gen Intuos devices HID: wacom: correct misreported EKR ring values selftests: kvm: Adding config fragments perf pmu-events: Fix missing "cpu_clk_unhalted.core" event perf cpumap: Fix writing to illegal memory in handling cpumap mask perf ftrace: Fix failure to set cpumask when only one cpu is present drm/vmwgfx: fix memory leak when too many retries have occurred x86/lib/cpu: Address missing prototypes warning libata: add SG safety checks in SFF pio transfers libata: have ata_scsi_rw_xlat() fail invalid passthrough requests net: hisilicon: Fix dma_map_single failed on arm64 net: hisilicon: fix hip04-xmit never return TX_BUSY net: hisilicon: make hip04_tx_reclaim non-reentrant net: cxgb3_main: Fix a resource leak in a error path in 'init_one()' SMB3: Kernel oops mounting a encryptData share with CONFIG_DEBUG_VIRTUAL HID: input: fix a4tech horizontal wheel custom usage NFSv4: Fix a potential sleep while atomic in nfs4_do_reclaim() net/ethernet/qlogic/qed: force the string buffer NULL-terminated can: peak_usb: force the string buffer NULL-terminated can: sja1000: force the string buffer NULL-terminated perf bench numa: Fix cpu0 binding isdn: hfcsusb: Fix mISDN driver crash caused by transfer buffer on the stack netfilter: ipset: Fix rename concurrency with listing isdn: mISDN: hfcsusb: Fix possible null-pointer dereferences in start_isoc_chain() qed: RDMA - Fix the hw_ver returned in device attributes net: usb: qmi_wwan: Add the BroadMobi BM818 card ASoC: ti: davinci-mcasp: Correct slot_width posed constraint st_nci_hci_connectivity_event_received: null check the allocation st21nfca_connectivity_event_received: null check the allocation ASoC: Fail card instantiation if DAI format setup fails can: dev: call netif_carrier_off() in register_candev() bonding: Force slave speed check after link state recovery for 802.3ad ASoC: dapm: Fix handling of custom_stop_condition on DAPM graph walks netfilter: ebtables: fix a memory leak bug in compat mips: fix cacheinfo MIPS: kernel: only use i8253 clocksource with periodic clockevent HID: Add 044f:b320 ThrustMaster, Inc. 2 in 1 DT Conflicts: fs/userfaultfd.c Change-Id: I2cc194e1b6d638378c9727a2bd52d76fc6142804 Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org> |
||
|
Blagovest Kolenichev
|
8b902c6d60 |
Merge android-4.14-q.140 (2f8eadd) into msm-4.14
* refs/heads/tmp-2f8eadd: Linux 4.14.140 xfrm: policy: remove pcpu policy cache mmc: sdhci-of-arasan: Do now show error message in case of deffered probe bonding: Add vlan tx offload to hw_enc_features team: Add vlan tx offload to hw_enc_features net/mlx5e: Use flow keys dissector to parse packets for ARFS net/mlx5e: Only support tx/rx pause setting for port owner xen/netback: Reset nr_frags before freeing skb sctp: fix the transport error_count check net/packet: fix race in tpacket_snd() net/mlx4_en: fix a memory leak bug bnx2x: Fix VF's VLAN reconfiguration in reload. iommu/amd: Move iommu_init_pci() to .init section Input: psmouse - fix build error of multiple definition netfilter: conntrack: Use consistent ct id hash calculation arm64: ftrace: Ensure module ftrace trampoline is coherent with I-side arm64: compat: Allow single-byte watchpoints on all addresses Revert "tcp: Clear sk_send_head after purging the write queue" bpf: fix bpf_jit_limit knob for PAGE_SIZE >= 64K USB: serial: option: Add Motorola modem UARTs USB: serial: option: add the BroadMobi BM818 card USB: serial: option: Add support for ZTE MF871A USB: serial: option: add D-Link DWM-222 device ID USB: CDC: fix sanity checks in CDC union parser usb: cdc-acm: make sure a refcount is taken early enough usb: gadget: udc: renesas_usb3: Fix sysfs interface of "role" USB: core: Fix races in character device registration and deregistraion iio: adc: max9611: Fix temperature reading in probe staging: comedi: dt3000: Fix rounding up of timer divisor staging: comedi: dt3000: Fix signed integer overflow 'divider * base' KVM: arm/arm64: Sync ICH_VMCR_EL2 back when about to block asm-generic: fix -Wtype-limits compiler warnings ocfs2: remove set but not used variable 'last_hash' drm: msm: Fix add_gpu_components IB/mad: Fix use-after-free in ib mad completion handling IB/core: Add mitigation for Spectre V1 arm64/mm: fix variable 'pud' set but not used arm64: unwind: Prohibit probing on return_address() arm64/efi: fix variable 'si' set but not used kbuild: modpost: handle KBUILD_EXTRA_SYMBOLS only for external modules ata: libahci: do not complain in case of deferred probe scsi: qla2xxx: Fix possible fcport null-pointer dereferences scsi: hpsa: correct scsi command status issue after reset drm/bridge: lvds-encoder: Fix build error while CONFIG_DRM_KMS_HELPER=m libata: zpodd: Fix small read overflow in zpodd_get_mech_type() perf header: Fix use of unitialized value warning perf header: Fix divide by zero error if f_header.attr_size==0 irqchip/irq-imx-gpcv2: Forward irq type to parent irqchip/gic-v3-its: Free unused vpt_page when alloc vpe table fail xen/pciback: remove set but not used variable 'old_state' clk: renesas: cpg-mssr: Fix reset control race condition clk: at91: generated: Truncate divisor to GENERATED_MAX_DIV + 1 netfilter: ebtables: also count base chain policies net: usb: pegasus: fix improper read if get_registers() fail Input: iforce - add sanity checks Input: kbtab - sanity check for endpoint type HID: hiddev: do cleanup in failure of opening a device HID: hiddev: avoid opening a disconnected device HID: holtek: test for sanity of intfdata ALSA: hda - Let all conexant codec enter D3 when rebooting ALSA: hda - Add a generic reboot_notify ALSA: hda - Fix a memory leak bug ALSA: hda - Apply workaround for another AMD chip 1022:1487 xtensa: add missing isync to the cpu_reset TLB code x86/mm: Use WRITE_ONCE() when setting PTEs bpf: add bpf_jit_limit knob to restrict unpriv allocations bpf: restrict access to core bpf sysctls bpf: get rid of pure_initcall dependency to enable jits mm/memcontrol.c: fix use after free in mem_cgroup_iter() mm/usercopy: use memory range to be accessed for wraparound check sh: kernel: hw_breakpoint: Fix missing break in switch statement scsi: mpt3sas: Use 63-bit DMA addressing on SAS35 HBA Change-Id: I6365fb1dd47655e268bbd361acf0ad5e7ff9d433 Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org> |
||
Bob Ham
|
ccaf6f8477 |
net: usb: qmi_wwan: Add the BroadMobi BM818 card
[ Upstream commit 9a07406b00cdc6ec689dc142540739575c717f3c ] The BroadMobi BM818 M.2 card uses the QMI protocol Signed-off-by: Bob Ham <bob.ham@puri.sm> Signed-off-by: Angus Ainslie (Purism) <angus@akkea.ca> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
Denis Kirjanov
|
8176e66cae |
net: usb: pegasus: fix improper read if get_registers() fail
commit 224c04973db1125fcebefffd86115f99f50f8277 upstream. get_registers() may fail with -ENOMEM and in this case we can read a garbage from the status variable tmp. Reported-by: syzbot+3499a83b2d062ae409d4@syzkaller.appspotmail.com Signed-off-by: Denis Kirjanov <kda@linux-powerpc.org> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Blagovest Kolenichev
|
41d4f1d82f |
Merge android-4.14-q.135 (1391d3b) into msm-4.14
* refs/heads/tmp-1391d3b:
Linux 4.14.135
access: avoid the RCU grace period for the temporary subjective credentials
powerpc/tm: Fix oops on sigreturn on systems without TM
powerpc/xive: Fix loop exit-condition in xive_find_target_in_mask()
ALSA: hda - Add a conexant codec entry to let mute led work
ALSA: line6: Fix wrong altsetting for LINE6_PODHD500_1
hpet: Fix division by zero in hpet_time_div()
fpga-manager: altera-ps-spi: Fix build error
binder: prevent transactions to context manager from its own process.
x86/speculation/mds: Apply more accurate check on hypervisor platform
x86/sysfb_efi: Add quirks for some devices with swapped width and height
btrfs: inode: Don't compress if NODATASUM or NODATACOW set
KVM: nVMX: do not use dangling shadow VMCS after guest reset
usb: pci-quirks: Correct AMD PLL quirk detection
usb: wusbcore: fix unbalanced get/put cluster_id
drm/crc-debugfs: Also sprinkle irqrestore over early exits
drm/crc: Only report a single overflow when a CRC fd is opened
locking/lockdep: Hide unused 'class' variable
locking/lockdep: Fix lock used or unused stats error
mm/mmu_notifier: use hlist_add_head_rcu()
mm/gup.c: remove some BUG_ONs from get_gate_page()
mm/gup.c: mark undo_dev_pagemap as __maybe_unused
9p: pass the correct prototype to read_cache_page
mm/kmemleak.c: fix check for softirq context
sh: prevent warnings when using iounmap
block/bio-integrity: fix a memory leak bug
powerpc/eeh: Handle hugepages in ioremap space
mailbox: handle failed named mailbox channel request
f2fs: avoid out-of-range memory access
powerpc/boot: add {get, put}_unaligned_be32 to xz_config.h
PCI: dwc: pci-dra7xx: Fix compilation when !CONFIG_GPIOLIB
RDMA/rxe: Fill in wc byte_len with IB_WC_RECV_RDMA_WITH_IMM
perf annotate: Fix dereferencing freed memory found by the smatch tool
perf session: Fix potential NULL pointer dereference found by the smatch tool
perf test mmap-thread-lookup: Initialize variable to suppress memory sanitizer warning
kallsyms: exclude kasan local symbols on s390
serial: sh-sci: Fix TX DMA buffer flushing and workqueue races
serial: sh-sci: Terminate TX DMA during buffer flushing
RDMA/i40iw: Set queue pair state when being queried
powerpc/4xx/uic: clear pending interrupt after irq type/pol change
um: Silence lockdep complaint about mmap_sem
mfd: hi655x-pmic: Fix missing return value check for devm_regmap_init_mmio_clk
mfd: arizona: Fix undefined behavior
mfd: core: Set fwnode for created devices
recordmcount: Fix spurious mcount entries on powerpc
powerpc/xmon: Fix disabling tracing while in xmon
iio: iio-utils: Fix possible incorrect mask calculation
PCI: xilinx-nwl: Fix Multi MSI data programming
kbuild: Add -Werror=unknown-warning-option to CLANG_FLAGS
PCI: sysfs: Ignore lockdep for remove attribute
serial: mctrl_gpio: Check if GPIO property exisits before requesting it
drm/msm: Depopulate platform on probe failure
powerpc/pci/of: Fix OF flags parsing for 64bit BARs
usb: gadget: Zero ffs_io_data
tty: serial_core: Set port active bit in uart_port_activate
drm/rockchip: Properly adjust to a true clock in adjusted_mode
powerpc/pseries/mobility: prevent cpu hotplug during DT update
phy: renesas: rcar-gen2: Fix memory leak at error paths
drm/virtio: Add memory barriers for capset cache.
serial: 8250: Fix TX interrupt handling condition
tty: serial: msm_serial: avoid system lockup condition
tty/serial: digicolor: Fix digicolor-usart already registered warning
memstick: Fix error cleanup path of memstick_init
drm/crc-debugfs: User irqsafe spinlock in drm_crtc_add_crc_entry
drm/bridge: sii902x: pixel clock unit is 10kHz instead of 1kHz
drm/bridge: tc358767: read display_props in get_modes()
PCI: Return error if cannot probe VF
drm/edid: Fix a missing-check bug in drm_load_edid_firmware()
tty: serial: cpm_uart - fix init when SMC is relocated
pinctrl: rockchip: fix leaked of_node references
tty: max310x: Fix invalid baudrate divisors calculator
usb: core: hub: Disable hub-initiated U1/U2
drm/panel: simple: Fix panel_simple_dsi_probe
hvsock: fix epollout hang from race condition
nfsd: Fix overflow causing non-working mounts on 1 TB machines
nfsd: fix performance-limiting session calculation
nfsd: give out fewer session slots as limit approaches
nfsd: increase DRC cache limit
NFSv4: Fix open create exclusive when the server reboots
perf/events/amd/uncore: Fix amd_uncore_llc ID to use pre-defined cpu_llc_id
mm: vmscan: scan anonymous pages on file refaults
ext4: allow directory holes
ext4: use jbd2_inode dirty range scoping
jbd2: introduce jbd2_inode dirty range scoping
mm: add filemap_fdatawait_range_keep_errors()
ext4: enforce the immutable flag on open files
ext4: don't allow any modifications to an immutable file
MIPS: lb60: Fix pin mappings
dma-buf: Discard old fence_excl on retrying get_fences_rcu for realloc
dma-buf: balance refcount inbalance
net: bridge: stp: don't cache eth dest pointer before skb pull
net: bridge: mcast: fix stale ipv6 hdr pointer when handling v6 query
net: bridge: mcast: fix stale nsrcs pointer in igmp3/mld2 report handling
tcp: Reset bytes_acked and bytes_received when disconnecting
tcp: fix tcp_set_congestion_control() use from bpf hook
net: make skb_dst_force return true when dst is refcounted
bonding: validate ip header before check IPPROTO_IGMP
netrom: hold sock when setting skb->destructor
netrom: fix a memory leak in nr_rx_frame()
macsec: fix checksumming after decryption
macsec: fix use-after-free of skb during RX
vrf: make sure skb->data contains ip header to make routing
sky2: Disable MSI on ASUS P6T
rxrpc: Fix send on a connected, but unbound socket
nfc: fix potential illegal memory access
net: openvswitch: fix csum updates for MPLS actions
net: neigh: fix multiple neigh timer scheduling
net: dsa: mv88e6xxx: wait after reset deactivation
net: bcmgenet: use promisc for unsupported filters
ipv4: don't set IPv6 only flags to IPv4 addresses
igmp: fix memory leak in igmpv3_del_delrec()
caif-hsi: fix possible deadlock in cfhsi_exit_module()
bnx2x: Prevent ptp_task to be rescheduled indefinitely
bnx2x: Prevent load reordering in tx completion processing
lib/strscpy: Shut up KASAN false-positives in strscpy()
compiler.h: Add read_word_at_a_time() function.
compiler.h, kasan: Avoid duplicating __read_once_size_nocheck()
dm bufio: fix deadlock with loop device
dt-bindings: allow up to four clocks for orion-mdio
net: mvmdio: allow up to four clocks to be specified for orion-mdio
usb: Handle USB3 remote wakeup for LPM enabled devices correctly
Bluetooth: Add SMP workaround Microsoft Surface Precision Mouse bug
intel_th: msu: Fix single mode with disabled IOMMU
eCryptfs: fix a couple type promotion bugs
powerpc/watchpoint: Restore NV GPRs while returning from exception
powerpc/32s: fix suspend/resume when IBATs 4-7 are used
parisc: Fix kernel panic due invalid values in IAOQ0 or IAOQ1
parisc: Ensure userspace privilege for ptraced processes in regset functions
crypto: caam - limit output IV to CBC to work around CTR mode DMA issue
PCI: hv: Fix a use-after-free bug in hv_eject_device_work()
gpu: ipu-v3: ipu-ic: Fix saturation bit offset in TPMEM
coda: pass the host file in vma->vm_file on mmap
libnvdimm/pfn: fix fsdax-mode namespace info-block zero-fields
HID: wacom: correct touch resolution x/y typo
HID: wacom: generic: only switch the mode on devices with LEDs
Btrfs: add missing inode version, ctime and mtime updates when punching hole
Btrfs: fix fsync not persisting dentry deletions due to inode evictions
Btrfs: fix data loss after inode eviction, renaming it, and fsync it
PCI: Do not poll for PME if the device is in D3cold
intel_th: pci: Add Ice Lake NNPI support
perf/x86/amd/uncore: Set the thread mask for F17h L3 PMCs
perf/x86/amd/uncore: Do not set 'ThreadMask' and 'SliceMask' for non-L3 PMCs
x86/boot: Fix memory leak in default_get_smp_config()
9p/virtio: Add cleanup path in p9_virtio_init
9p/xen: Add cleanup path in p9_trans_xen_init
xen/events: fix binding user event channels to cpus
dm zoned: fix zone state management race
padata: use smp_mb in padata_reorder to avoid orphaned padata jobs
drm/nouveau/i2c: Enable i2c pads & busses during preinit
fs/proc/proc_sysctl.c: fix the default values of i_uid/i_gid on /proc/sys inodes.
arm64: tegra: Fix AGIC register range
KVM: x86/vPMU: refine kvm_pmu err msg when event creation failed
media: coda: Remove unbalanced and unneeded mutex unlock
media: v4l2: Test type instead of cfg->type in v4l2_ctrl_new_custom()
ALSA: hda/realtek: apply ALC891 headset fixup to one Dell machine
ALSA: seq: Break too long mutex context in the write loop
ASoC: dapm: Adapt for debugfs API change
lib/scatterlist: Fix mapping iterator when sg->offset is greater than PAGE_SIZE
pnfs/flexfiles: Fix PTR_ERR() dereferences in ff_layout_track_ds_error
NFSv4: Handle the special Linux file open access mode
iwlwifi: pcie: fix ALIVE interrupt handling for gen2 devices w/o MSI-X
iwlwifi: pcie: don't service an interrupt that was masked
arm64: tegra: Update Jetson TX1 GPU regulator timings
regulator: s2mps11: Fix buck7 and buck8 wrong voltages
Input: alps - fix a mismatch between a condition check and its comment
Input: synaptics - whitelist Lenovo T580 SMBus intertouch
Input: alps - don't handle ALPS cs19 trackpoint-only device
Input: gtco - bounds check collection indent level
crypto: crypto4xx - fix a potential double free in ppc4xx_trng_probe
crypto: ccp/gcm - use const time tag comparison.
crypto: ccp - memset structure fields to zero before reuse
crypto: chacha20poly1305 - fix atomic sleep when using async algorithm
crypto: arm64/sha2-ce - correct digest for empty data in finup
crypto: arm64/sha1-ce - correct digest for empty data in finup
crypto: ccp - Validate the the error value used to index error messages
crypto: ghash - fix unaligned memory access in ghash_setkey()
scsi: mac_scsi: Fix pseudo DMA implementation, take 2
scsi: mac_scsi: Increase PIO/PDMA transfer length threshold
scsi: megaraid_sas: Fix calculation of target ID
scsi: core: Fix race on creating sense cache
Revert "scsi: ncr5380: Increase register polling limit"
scsi: NCR5380: Always re-enable reselection interrupt
scsi: NCR5380: Reduce goto statements in NCR5380_select()
xen: let alloc_xenballooned_pages() fail if not enough memory free
floppy: fix out-of-bounds read in copy_buffer
floppy: fix invalid pointer dereference in drive_name
floppy: fix out-of-bounds read in next_valid_format
floppy: fix div-by-zero in setup_format_params
iavf: fix dereference of null rx_buffer pointer
net: mvmdio: defer probe of orion-mdio if a clock is not ready
gtp: fix use-after-free in gtp_newlink()
gtp: fix use-after-free in gtp_encap_destroy()
gtp: fix Illegal context switch in RCU read-side critical section.
gtp: fix suspicious RCU usage
Bluetooth: validate BLE connection interval updates
gtp: add missing gtp_encap_disable_sock() in gtp_encap_enable()
Bluetooth: Check state in l2cap_disconnect_rsp
Bluetooth: 6lowpan: search for destination address in all peers
Bluetooth: hci_bcsp: Fix memory leak in rx_skb
gpiolib: Fix references to gpiod_[gs]et_*value_cansleep() variants
net: usb: asix: init MAC address buffers
perf stat: Make metric event lookup more robust
iwlwifi: mvm: Drop large non sta frames
ath10k: destroy sdio workqueue while remove sdio module
net: hns3: add some error checking in hclge_tm module
net: hns3: fix a -Wformat-nonliteral compile warning
bcache: check c->gc_thread by IS_ERR_OR_NULL in cache_set_flush()
EDAC: Fix global-out-of-bounds write when setting edac_mc_poll_msec
crypto: asymmetric_keys - select CRYPTO_HASH where needed
crypto: serpent - mark __serpent_setkey_sbox noinline
ixgbe: Check DDM existence in transceiver before access
rslib: Fix handling of of caller provided syndrome
rslib: Fix decoding of shortened codes
clocksource/drivers/exynos_mct: Increase priority over ARM arch timer
libata: don't request sense data on !ZAC ATA devices
perf tools: Increase MAX_NR_CPUS and MAX_CACHES
ath10k: fix PCIE device wake up failed
ath10k: add missing error handling
ipvs: fix tinfo memory leak in start_sync_thread
mt7601u: fix possible memory leak when the device is disconnected
x86/build: Add 'set -e' to mkcapflags.sh to delete broken capflags.c
mt7601u: do not schedule rx_tasklet when the device has been disconnected
rtlwifi: rtl8192cu: fix error handle when usb probe failed
media: hdpvr: fix locking and a missing msleep
media: vimc: cap: check v4l2_fill_pixfmt return value
media: coda: increment sequence offset for the last returned frame
media: coda: fix last buffer handling in V4L2_ENC_CMD_STOP
media: coda: fix mpeg2 sequence number handling
acpi/arm64: ignore 5.1 FADTs that are reported as 5.0
timer_list: Guard procfs specific code
ntp: Limit TAI-UTC offset
media: i2c: fix warning same module names
media: s5p-mfc: Make additional clocks optional
ipvs: defer hook registration to avoid leaks
ipsec: select crypto ciphers for xfrm_algo
EDAC/sysfs: Fix memory leak when creating a csrow object
ipoib: correcly show a VF hardware address
vhost_net: disable zerocopy by default
perf evsel: Make perf_evsel__name() accept a NULL argument
x86/atomic: Fix smp_mb__{before,after}_atomic()
sched/core: Add __sched tag for io_schedule()
xfrm: fix sa selector validation
blkcg, writeback: dead memcgs shouldn't contribute to writeback ownership arbitration
x86/cpufeatures: Add FDP_EXCPTN_ONLY and ZERO_FCS_FDS
rcu: Force inlining of rcu_read_lock()
bpf: silence warning messages in core
regmap: fix bulk writes on paged registers
gpio: omap: ensure irq is enabled before wakeup
gpio: omap: fix lack of irqstatus_raw0 for OMAP4
iommu: Fix a leak in iommu_insert_resv_region
media: fdp1: Support M3N and E3 platforms
perf test 6: Fix missing kvm module load for s390
perf cs-etm: Properly set the value of 'old' and 'head' in snapshot mode
ipset: Fix memory accounting for hash types on resize
net: sfp: add mutex to prevent concurrent state checks
RAS/CEC: Fix pfn insertion
s390/qdio: handle PENDING state for QEBSM devices
net: axienet: Fix race condition causing TX hang
net: fec: Do not use netdev messages too early
net: stmmac: dwmac4: fix flow control issue
cpupower : frequency-set -r option misses the last cpu in related cpu list
media: wl128x: Fix some error handling in fm_v4l2_init_video_device()
locking/lockdep: Fix merging of hlocks with non-zero references
tua6100: Avoid build warnings.
crypto: talitos - Align SEC1 accesses to 32 bits boundaries.
crypto: talitos - properly handle split ICV.
net: phy: Check against net_device being NULL
media: staging: media: davinci_vpfe: - Fix for memory leak if decoder initialization fails.
media: mc-device.c: don't memset __user pointer contents
fscrypt: clean up some BUG_ON()s in block encryption/decryption
xfrm: Fix xfrm sel prefix length validation
af_key: fix leaks in key_pol_get_resp and dump_sp.
signal/pid_namespace: Fix reboot_pid_ns to use send_sig not force_sig
qed: Set the doorbell address correctly
net: stmmac: dwmac4/5: Clear unused address entries
net: stmmac: dwmac1000: Clear unused address entries
media: media_device_enum_links32: clean a reserved field
media: vpss: fix a potential NULL pointer dereference
media: marvell-ccic: fix DMA s/g desc number calculation
crypto: talitos - fix skcipher failure due to wrong output IV
media: spi: IR LED: add missing of table registration
media: dvb: usb: fix use after free in dvb_usb_device_exit
batman-adv: fix for leaked TVLV handler.
ath: DFS JP domain W56 fixed pulse type 3 RADAR detection
ath6kl: add some bounds checking
ath9k: Check for errors when reading SREV register
ath10k: Do not send probe response template for mesh
wil6210: fix potential out-of-bounds read
dmaengine: imx-sdma: fix use-after-free on probe error path
scsi: iscsi: set auth_protocol back to NULL if CHAP_A value is not supported
arm64/efi: Mark __efistub_stext_offset as an absolute symbol explicitly
MIPS: fix build on non-linux hosts
MIPS: ath79: fix ar933x uart parity mode
ANDROID: enable CONFIG_RTC_DRV_TEST on cuttlefish
ANDROID: cuttlefish_defconfig: enable CONFIG_CPU_FREQ_TIMES
ANDROID: xfrm: remove in_compat_syscall() checks
UPSTREAM: binder: Set end of SG buffer area properly.
Conflicts:
drivers/gpu/drm/msm/msm_drv.c
Change-Id: I3f568e1d41c853c51a6ed293de6420fb447fe8e0
Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org>
|
||
Phong Tran
|
a528013539 |
net: usb: asix: init MAC address buffers
[ Upstream commit 78226f6eaac80bf30256a33a4926c194ceefdf36 ] This is for fixing bug KMSAN: uninit-value in ax88772_bind Tested by https://groups.google.com/d/msg/syzkaller-bugs/aFQurGotng4/eB_HlNhhCwAJ Reported-by: syzbot+8a3fc6674bbc3978ed4e@syzkaller.appspotmail.com syzbot found the following crash on: HEAD commit: f75e4cfe kmsan: use kmsan_handle_urb() in urb.c git tree: kmsan console output: https://syzkaller.appspot.com/x/log.txt?x=136d720ea00000 kernel config: https://syzkaller.appspot.com/x/.config?x=602468164ccdc30a dashboard link: https://syzkaller.appspot.com/bug?extid=8a3fc6674bbc3978ed4e compiler: clang version 9.0.0 (/home/glider/llvm/clang 06d00afa61eef8f7f501ebdb4e8612ea43ec2d78) syz repro: https://syzkaller.appspot.com/x/repro.syz?x=12788316a00000 C reproducer: https://syzkaller.appspot.com/x/repro.c?x=120359aaa00000 ================================================================== BUG: KMSAN: uninit-value in is_valid_ether_addr include/linux/etherdevice.h:200 [inline] BUG: KMSAN: uninit-value in asix_set_netdev_dev_addr drivers/net/usb/asix_devices.c:73 [inline] BUG: KMSAN: uninit-value in ax88772_bind+0x93d/0x11e0 drivers/net/usb/asix_devices.c:724 CPU: 0 PID: 3348 Comm: kworker/0:2 Not tainted 5.1.0+ #1 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: usb_hub_wq hub_event Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x191/0x1f0 lib/dump_stack.c:113 kmsan_report+0x130/0x2a0 mm/kmsan/kmsan.c:622 __msan_warning+0x75/0xe0 mm/kmsan/kmsan_instr.c:310 is_valid_ether_addr include/linux/etherdevice.h:200 [inline] asix_set_netdev_dev_addr drivers/net/usb/asix_devices.c:73 [inline] ax88772_bind+0x93d/0x11e0 drivers/net/usb/asix_devices.c:724 usbnet_probe+0x10f5/0x3940 drivers/net/usb/usbnet.c:1728 usb_probe_interface+0xd66/0x1320 drivers/usb/core/driver.c:361 really_probe+0xdae/0x1d80 drivers/base/dd.c:513 driver_probe_device+0x1b3/0x4f0 drivers/base/dd.c:671 __device_attach_driver+0x5b8/0x790 drivers/base/dd.c:778 bus_for_each_drv+0x28e/0x3b0 drivers/base/bus.c:454 __device_attach+0x454/0x730 drivers/base/dd.c:844 device_initial_probe+0x4a/0x60 drivers/base/dd.c:891 bus_probe_device+0x137/0x390 drivers/base/bus.c:514 device_add+0x288d/0x30e0 drivers/base/core.c:2106 usb_set_configuration+0x30dc/0x3750 drivers/usb/core/message.c:2027 generic_probe+0xe7/0x280 drivers/usb/core/generic.c:210 usb_probe_device+0x14c/0x200 drivers/usb/core/driver.c:266 really_probe+0xdae/0x1d80 drivers/base/dd.c:513 driver_probe_device+0x1b3/0x4f0 drivers/base/dd.c:671 __device_attach_driver+0x5b8/0x790 drivers/base/dd.c:778 bus_for_each_drv+0x28e/0x3b0 drivers/base/bus.c:454 __device_attach+0x454/0x730 drivers/base/dd.c:844 device_initial_probe+0x4a/0x60 drivers/base/dd.c:891 bus_probe_device+0x137/0x390 drivers/base/bus.c:514 device_add+0x288d/0x30e0 drivers/base/core.c:2106 usb_new_device+0x23e5/0x2ff0 drivers/usb/core/hub.c:2534 hub_port_connect drivers/usb/core/hub.c:5089 [inline] hub_port_connect_change drivers/usb/core/hub.c:5204 [inline] port_event drivers/usb/core/hub.c:5350 [inline] hub_event+0x48d1/0x7290 drivers/usb/core/hub.c:5432 process_one_work+0x1572/0x1f00 kernel/workqueue.c:2269 process_scheduled_works kernel/workqueue.c:2331 [inline] worker_thread+0x189c/0x2460 kernel/workqueue.c:2417 kthread+0x4b5/0x4f0 kernel/kthread.c:254 ret_from_fork+0x35/0x40 arch/x86/entry/entry_64.S:355 Signed-off-by: Phong Tran <tranmanphong@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Blagovest Kolenichev
|
21c243f1bd |
Merge android-4.14-q.134 (81c8310) into msm-4.14
* refs/heads/tmp-81c8310: Linux 4.14.134 drm/udl: move to embedding drm device inside udl device. drm/udl: introduce a macro to convert dev to udl. crypto/NX: Set receive window credits to max number of CRBs in RxFIFO s390/qdio: don't touch the dsci in tiqdio_add_input_queues() s390/qdio: (re-)initialize tiqdio list entries s390: fix stfle zero padding ARC: hide unused function unw_hdr_alloc linux/kernel.h: fix overflow for DIV_ROUND_UP_ULL cpu/hotplug: Fix out-of-bounds read when setting fail state x86/boot/64: Fix crash if kernel image crosses page table boundary dm verity: use message limit for data block corruption message ARM: dts: imx6ul: fix PWM[1-4] interrupts sis900: fix TX completion ppp: mppe: Add softdep to arc4 be2net: fix link failure after ethtool offline test ARM: omap2: remove incorrect __init annotation perf/core: Fix perf_sample_regs_user() mm check efi/bgrt: Drop BGRT status field reserved bits check clk: ti: clkctrl: Fix returning uninitialized data MIPS: Remove superfluous check for __linux__ VMCI: Fix integer overflow in VMCI handle arrays carl9170: fix misuse of device driver API binder: fix memory leak in error path staging: comedi: amplc_pci230: fix null pointer deref on interrupt staging: comedi: dt282x: fix a null pointer deref on interrupt usb: renesas_usbhs: add a workaround for a race condition of workqueue usb: gadget: ether: Fix race between gether_disconnect and rx_submit p54usb: Fix race between disconnect and firmware loading Revert "serial: 8250: Don't service RX FIFO if interrupts are disabled" USB: serial: option: add support for GosunCn ME3630 RNDIS mode USB: serial: ftdi_sio: add ID for isodebug v1 mwifiex: Don't abort on small, spec-compliant vendor IEs mwifiex: Fix heap overflow in mwifiex_uap_parse_tail_ies() mwifiex: Abort at too short BSS descriptor element Documentation: Add section about CPU vulnerabilities for Spectre x86/tls: Fix possible spectre-v1 in do_get_thread_area() x86/ptrace: Fix possible spectre-v1 in ptrace_get_debugreg() block, bfq: NULL out the bic when it's no longer valid ALSA: hda/realtek - Headphone Mic can't record after S3 udf: Fix incorrect final NOT_ALLOCATED (hole) extent length fscrypt: don't set policy for a dead directory net :sunrpc :clnt :Fix xps refcount imbalance on the error path net: dsa: mv88e6xxx: fix shift of FID bits in mv88e6185_g1_vtu_loadpurge() quota: fix a problem about transfer quota net: lio_core: fix potential sign-extension overflow on large shift ip6_tunnel: allow not to count pkts on tstats by passing dev as NULL drm: return -EFAULT if copy_to_user() fails bnx2x: Check if transceiver implements DDM before access md: fix for divide error in status_resync qmi_wwan: extend permitted QMAP mux_id value range qmi_wwan: avoid RCU stalls on device disconnect when in QMAP mode qmi_wwan: add support for QMAP padding in the RX path mac80211: only warn once on chanctx_conf being NULL ARM: davinci: da8xx: specify dma_coherent_mask for lcdc ARM: davinci: da850-evm: call regulator_has_full_constraints() mlxsw: spectrum: Disallow prio-tagged packets when PVID is removed KVM: arm/arm64: vgic: Fix kvm_device leak in vgic_its_destroy Input: imx_keypad - make sure keyboard can always wake up system ARM: dts: am335x phytec boards: Fix cd-gpios active level ibmvnic: Refresh device multicast list after reset can: af_can: Fix error path of can_init() can: m_can: implement errata "Needless activation of MRAF irq" can: mcp251x: add support for mcp25625 dt-bindings: can: mcp251x: add mcp25625 support netfilter: ipv6: nf_defrag: accept duplicate fragments again netfilter: ipv6: nf_defrag: fix leakage of unqueued fragments iwlwifi: Fix double-free problems in iwl_req_fw_callback() mwifiex: Fix possible buffer overflows at parsing bss descriptor mac80211: free peer keys before vif down in mesh mac80211: mesh: fix RCU warning staging:iio:ad7150: fix threshold mode config bit bpf: sockmap, fix use after free from sleep in psock backlog workqueue samples, bpf: fix to change the buffer size for read() Input: elantech - enable middle button support on 2 ThinkPads crypto: talitos - rename alternative AEAD algos. drivers: base: cacheinfo: Ensure cpu hotplug work is done before Intel RDT nilfs2: do not use unexported cpu_to_le32()/le32_to_cpu() in uapi header Input: synaptics - enable SMBUS on T480 thinkpad trackpad e1000e: start network tx queue only when link is up Revert "e1000e: fix cyclic resets at link up with active tx" Conflicts: include/linux/cpuhotplug.h Change-Id: Ic199a589acbbb88481aaf57af660ff6ddee75921 Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org> |
||
|
Blagovest Kolenichev
|
dbc4aced9e |
Merge android-4.14.132 (0dcd8eb) into msm-4.14
* refs/heads/tmp-0dcd8eb: Linux 4.14.132 arm64: insn: Fix ldadd instruction encoding tipc: pass tunnel dev as NULL to udp_tunnel(6)_xmit_skb futex: Update comments and docs about return values of arch futex code bpf, arm64: use more scalable stadd over ldxr / stxr loop in xadd arm64: futex: Avoid copying out uninitialised stack in failed cmpxchg() bpf: udp: ipv6: Avoid running reuseport's bpf_prog from __udp6_lib_err bpf: udp: Avoid calling reuseport's bpf_prog from udp_gro bonding: Always enable vlan tx offload team: Always enable vlan tx offload tun: wake up waitqueues after IFF_UP is set tipc: check msg->req data len in tipc_nl_compat_bearer_disable tipc: change to use register_pernet_device sctp: change to hold sk after auth shkey is created successfully net: stmmac: fixed new system time seconds value calculation net: remove duplicate fetch in sock_getsockopt net/packet: fix memory leak in packet_set_ring() ipv4: Use return value of inet_iif() for __raw_v4_lookup in the while loop af_packet: Block execution of tasks waiting for transmit to complete in AF_PACKET eeprom: at24: fix unexpected timeout under high load cpu/speculation: Warn on unsupported mitigations= parameter NFS/flexfiles: Use the correct TCP timeout for flexfiles I/O x86/microcode: Fix the microcode load on CPU hotplug for real x86/speculation: Allow guests to use SSBD even if host does not scsi: vmw_pscsi: Fix use-after-free in pvscsi_queue_lck() dm log writes: make sure super sector log updates are written in order mm/page_idle.c: fix oops because end_pfn is larger than max_pfn fs/binfmt_flat.c: make load_flat_shared_library() work mm/mempolicy.c: fix an incorrect rebind node in mpol_rebind_nodemask fs/proc/array.c: allow reporting eip/esp for all coredumping threads Revert "compiler.h: update definition of unreachable()" qmi_wwan: Fix out-of-bounds read net/9p: include trans_common.h to fix missing prototype warning. 9p: p9dirent_read: check network-provided name length 9p/rdma: remove useless check in cm_event_handler 9p: acl: fix uninitialized iattr access 9p/rdma: do not disconnect on down_interruptible EAGAIN 9p/xen: fix check for xenbus_read error in front_probe block: bio_iov_iter_get_pages: pin more pages for multi-segment IOs block: add a lower-level bio_add_page interface IB/hfi1: Close PSM sdma_progress sleep window Revert "x86/uaccess, ftrace: Fix ftrace_likely_update() vs. SMAP" perf header: Fix unchecked usage of strncpy() perf help: Remove needless use of strncpy() perf ui helpline: Use strlcpy() as a shorter form of strncpy() + explicit set nul Change-Id: I253fc7ffebfad129b8c2165dd2d5aa5af221fd4b Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org> |
||
|
Blagovest Kolenichev
|
d6c7df0d69 |
Merge android-4.14.128 (334aa9b) into msm-4.14
* refs/heads/tmp-334aa9b: Linux 4.14.128 rtc: pcf8523: don't return invalid date when battery is low x86/kasan: Fix boot with 5-level paging and KASAN x86/microcode, cpuhotplug: Add a microcode loader CPU hotplug callback RAS/CEC: Fix binary search function USB: serial: option: add Telit 0x1260 and 0x1261 compositions USB: serial: option: add support for Simcom SIM7500/SIM7600 RNDIS mode USB: serial: pl2303: add Allied Telesis VT-Kit3 USB: usb-storage: Add new ID to ums-realtek USB: Fix chipmunk-like voice when using Logitech C270 for recording audio. usb: dwc2: host: Fix wMaxPacketSize handling (fix webcam regression) usb: dwc2: Fix DMA cache alignment issues drm/vmwgfx: NULL pointer dereference from vmw_cmd_dx_view_define() drm/vmwgfx: integer underflow in vmw_cmd_dx_set_shader() leading to an invalid read KVM: s390: fix memory slot handling for KVM_SET_USER_MEMORY_REGION KVM: x86/pmu: do not mask the value that is written to fixed PMUs usbnet: ipheth: fix racing condition selftests/timers: Add missing fflush(stdout) calls libnvdimm: Fix compilation warnings with W=1 scsi: bnx2fc: fix incorrect cast to u64 on shift operation platform/x86: pmc_atom: Add several Beckhoff Automation boards to critclk_systems DMI table platform/x86: pmc_atom: Add Lex 3I380D industrial PC to critclk_systems DMI table nvme: remove the ifdef around nvme_nvm_ioctl arm64/mm: Inhibit huge-vmap with ptdump scsi: lpfc: add check for loss of ndlp when sending RRQ scsi: qedi: remove set but not used variables 'cdev' and 'udev' scsi: qedi: remove memset/memcpy to nfunc and use func instead Drivers: misc: fix out-of-bounds access in function param_set_kgdbts_var s390/kasan: fix strncpy_from_user kasan checks Revert "ALSA: seq: Protect in-kernel ioctl calls with mutex" ALSA: seq: Fix race of get-subscription call vs port-delete ioctls ALSA: seq: Protect in-kernel ioctl calls with mutex x86/uaccess, kcov: Disable stack protector drm/i915/sdvo: Implement proper HDMI audio support for SDVO ASoC: fsl_asrc: Fix the issue about unsupported rate ASoC: cs42xx8: Add regcache mask dirty cgroup: Use css_tryget() instead of css_tryget_online() in task_get_css() bcache: fix stack corruption by PRECEDING_KEY() i2c: acorn: fix i2c warning iommu/arm-smmu: Avoid constant zero in TLBI writes media: v4l2-ioctl: clear fields in s_parm ptrace: restore smp_rmb() in __ptrace_may_access() signal/ptrace: Don't leak unitialized kernel memory with PTRACE_PEEK_SIGINFO mm/vmscan.c: fix trying to reclaim unevictable LRU page fs/ocfs2: fix race in ocfs2_dentry_attach_lock() mm/list_lru.c: fix memory leak in __memcg_init_list_lru_node libata: Extend quirks for the ST1000LM024 drives with NOLPM quirk ALSA: firewire-motu: fix destruction of data for isochronous resources ALSA: hda/realtek - Update headset mode for ALC256 ALSA: oxfw: allow PCM capture for Stanton SCS.1m HID: wacom: Sync INTUOSP2_BT touch state after each frame if necessary HID: wacom: Correct button numbering 2nd-gen Intuos Pro over Bluetooth nouveau: Fix build with CONFIG_NOUVEAU_LEGACY_CTX_SUPPORT disabled drm/nouveau: add kconfig option to turn off nouveau legacy contexts. (v3) ANDROID: kernel: cgroup: cpuset: Clear cpus_requested for empty buf ANDROID: kernel: cgroup: cpuset: Add missing allocation of cpus_requested in alloc_trial_cpuset BACKPORT: security: Implement Clang's stack initialization BACKPORT: security: Create "kernel hardening" config area Change-Id: I486d2f64b7c34a2d23bde24b7c8c01caae6a1611 Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org> |
||
|
Blagovest Kolenichev
|
7c63330d05 |
Merge android-4.14.125 (dc5b587) into msm-4.14
* refs/heads/tmp-dc5b587:
Linux 4.14.125
ethtool: check the return value of get_regs_len
ipv4: Define __ipv4_neigh_lookup_noref when CONFIG_INET is disabled
fuse: Add FOPEN_STREAM to use stream_open()
fs: stream_open - opener for stream-like files so that read and write can run simultaneously without deadlock
qmi_wwan: Add quirk for Quectel dynamic config
TTY: serial_core, add ->install
drm/i915/fbc: disable framebuffer compression on GeminiLake
drm/i915: Fix I915_EXEC_RING_MASK
drm/radeon: prefer lower reference dividers
drm/amdgpu/psp: move psp version specific function pointers to early_init
drm/nouveau: add kconfig option to turn off nouveau legacy contexts. (v3)
drm/gma500/cdv: Check vbt config bits when detecting lvds panels
test_firmware: Use correct snprintf() limit
genwqe: Prevent an integer overflow in the ioctl
Revert "MIPS: perf: ath79: Fix perfcount IRQ assignment"
MIPS: pistachio: Build uImage.gz by default
MIPS: Bounds check virt_addr_valid
i2c: xiic: Add max_read_len quirk
x86/power: Fix 'nosmt' vs hibernation triple fault during resume
pstore/ram: Run without kernel crash dump region
pstore: Convert buf_lock to semaphore
pstore: Remove needless lock during console writes
fuse: fallocate: fix return with locked inode
parisc: Use implicit space register selection for loading the coherence index of I/O pdirs
rcu: locking and unlocking need to always be at least barriers
Revert "fib_rules: return 0 directly if an exactly same rule exists when NLM_F_EXCL not supplied"
Revert "fib_rules: fix error in backport of e9919a24d302 ("fib_rules: return 0...")"
ipv6: fix the check before getting the cookie in rt6_get_cookie
net: sfp: read eeprom in maximum 16 byte increments
ipv6: use READ_ONCE() for inet->hdrincl as in ipv4
ipv6: fix EFAULT on sendto with icmpv6 and hdrincl
pktgen: do not sleep with the thread lock held.
net: rds: fix memory leak in rds_ib_flush_mr_pool
net/mlx4_en: ethtool, Remove unsupported SFP EEPROM high pages query
neighbor: Call __ipv4_neigh_lookup_noref in neigh_xmit
Fix memory leak in sctp_process_init
ethtool: fix potential userspace buffer overflow
Change-Id: Ice7fba2663c02167db026bf7b9c8f466a158f6d5
Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org>
|
||
|
Blagovest Kolenichev
|
d545a613b5 |
Merge android-4.14.124 (225970c) into msm-4.14
* refs/heads/tmp-225970c:
Linux 4.14.124
media: uvcvideo: Fix uvc_alloc_entity() allocation alignment
binder: fix race between munmap() and direct reclaim
Revert "binder: fix handling of misaligned binder object"
Revert "x86/build: Move _etext to actual end of .text"
include/linux/module.h: copy __init/__exit attrs to init/cleanup_module
Compiler Attributes: add support for __copy (gcc >= 9)
drm/rockchip: shutdown drm subsystem on shutdown
drm/vmwgfx: Don't send drm sysfs hotplug events on initial master set
gcc-plugins: Fix build failures under Darwin host
Revert "lockd: Show pid of lockd for remote locks"
CIFS: cifs_read_allocate_pages: don't iterate through whole page array on ENOMEM
staging: wlan-ng: fix adapter initialization failure
staging: vc04_services: prevent integer overflow in create_pagelist()
serial: sh-sci: disable DMA for uart_console
ima: show rules with IMA_INMASK correctly
doc: Cope with Sphinx logging deprecations
doc: Cope with the deprecation of AutoReporter
docs: Fix conf.py for Sphinx 2.0
kernel/signal.c: trace_signal_deliver when signal_group_exit
memcg: make it work on sparse non-0-node systems
tty: max310x: Fix external crystal register setup
tty: serial: msm_serial: Fix XON/XOFF
drm/nouveau/i2c: Disable i2c bus access after ->fini()
KVM: s390: Do not report unusabled IDs via KVM_CAP_MAX_VCPU_ID
ALSA: hda/realtek - Set default power save node to 0
powerpc/perf: Fix MMCRA corruption by bhrb_filter
KVM: PPC: Book3S HV: XIVE: Do not clear IRQ data of passthrough interrupts
Btrfs: incremental send, fix file corruption when no-holes feature is enabled
Btrfs: fix fsync not persisting changed attributes of a directory
Btrfs: fix race updating log root item during fsync
Btrfs: fix wrong ctime and mtime of a directory after log replay
scsi: zfcp: fix to prevent port_remove with pure auto scan LUNs (only sdevs)
scsi: zfcp: fix missing zfcp_port reference put on -EBUSY from port_remove
media: smsusb: better handle optional alignment
media: usb: siano: Fix false-positive "uninitialized variable" warning
media: usb: siano: Fix general protection fault in smsusb
USB: rio500: fix memory leak in close after disconnect
USB: rio500: refuse more than one device at a time
USB: Add LPM quirk for Surface Dock GigE adapter
USB: sisusbvga: fix oops in error path of sisusb_probe
USB: Fix slab-out-of-bounds write in usb_get_bos_descriptor
usbip: usbip_host: fix stub_dev lock context imbalance regression
usbip: usbip_host: fix BUG: sleeping function called from invalid context
usb: xhci: avoid null pointer deref when bos field is NULL
xhci: Convert xhci_handshake() to use readl_poll_timeout_atomic()
xhci: Use %zu for printing size_t type
xhci: update bounce buffer with correct sg num
include/linux/bitops.h: sanitize rotate primitives
sparc64: Fix regression in non-hypervisor TLB flush xcall
tipc: fix modprobe tipc failed after switch order of device registration
Revert "tipc: fix modprobe tipc failed after switch order of device registration"
xen/pciback: Don't disable PCI_COMMAND on PCI device reset.
crypto: vmx - ghash: do nosimd fallback manually
net: phy: marvell10g: report if the PHY fails to boot firmware
net: mvpp2: fix bad MVPP2_TXQ_SCHED_TOKEN_CNTR_REG queue value
net: mvneta: Fix err code path of probe
net: dsa: mv88e6xxx: fix handling of upper half of STATS_TYPE_PORT
ipv4/igmp: fix build error if !CONFIG_IP_MULTICAST
ipv4/igmp: fix another memory leak in igmpv3_del_delrec()
bnxt_en: Fix aggregation buffer leak under OOM condition.
net/mlx5: Allocate root ns memory using kzalloc to match kfree
tipc: Avoid copying bytes beyond the supplied data
usbnet: fix kernel crash after disconnect
net: stmmac: fix reset gpio free missing
net-gro: fix use-after-free read in napi_gro_frags()
net: fec: fix the clk mismatch in failed_reset path
llc: fix skb leak in llc_build_and_send_ui_pkt()
ipv6: Consider sk_bound_dev_if when binding a raw socket to an address
inet: switch IP ID generator to siphash
ANDROID: uid_sys_stats: report uid_cputime stats in microseconds
Revert "fib_rules: return 0 directly if an exactly same rule exists when NLM_F_EXCL not supplied"
Revert "UPSTREAM: fib_rules: fix error in backport of e9919a24d302 ("fib_rules: return 0...")"
Revert "x86/build: Move _etext to actual end of .text"
Change-Id: I98ae54fff61393636d3f0828e32d87424b377c1f
Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org>
|
||
|
Blagovest Kolenichev
|
7e722ce705 |
Merge android-4.14.123 (acd501f) into msm-4.14
* refs/heads/tmp-acd501f: Revert "arm64/iommu: handle non-remapped addresses in ->mmap and ->get_sgtable" Linux 4.14.123 NFS: Fix a double unlock from nfs_match,get_client vfio-ccw: Prevent quiesce function going into an infinite loop drm: Wake up next in drm_read() chain if we are forced to putback the event drm/drv: Hold ref on parent device during drm_device lifetime ASoC: davinci-mcasp: Fix clang warning without CONFIG_PM spi: Fix zero length xfer bug spi: rspi: Fix sequencer reset during initialization spi : spi-topcliff-pch: Fix to handle empty DMA buffers scsi: lpfc: Fix SLI3 commands being issued on SLI4 devices media: saa7146: avoid high stack usage with clang scsi: lpfc: Fix fc4type information for FDMI scsi: lpfc: Fix FDMI manufacturer attribute value media: vimc: zero the media_device on probe media: go7007: avoid clang frame overflow warning with KASAN media: vimc: stream: fix thread state before sleep media: m88ds3103: serialize reset messages in m88ds3103_set_frontend thunderbolt: Fix to check for kmemdup failure hwrng: omap - Set default quality dmaengine: tegra210-adma: use devm_clk_*() helpers batman-adv: allow updating DAT entry timeouts on incoming ARP Replies scsi: qla4xxx: avoid freeing unallocated dma memory usb: core: Add PM runtime calls to usb_hcd_platform_shutdown rcuperf: Fix cleanup path for invalid perf_type strings rcutorture: Fix cleanup path for invalid torture_type strings x86/mce: Fix machine_check_poll() tests for error types tty: ipwireless: fix missing checks for ioremap virtio_console: initialize vtermno value for ports scsi: qedf: Add missing return in qedf_post_io_req() in the fcport offload check media: wl128x: prevent two potential buffer overflows media: video-mux: fix null pointer dereferences kobject: Don't trigger kobject_uevent(KOBJ_REMOVE) twice. spi: tegra114: reset controller on probe HID: logitech-hidpp: change low battery level threshold from 31 to 30 percent cxgb3/l2t: Fix undefined behaviour ASoC: fsl_utils: fix a leaked reference by adding missing of_node_put ASoC: eukrea-tlv320: fix a leaked reference by adding missing of_node_put HID: core: move Usage Page concatenation to Main item RDMA/hns: Fix bad endianess of port_pd variable chardev: add additional check for minor range overlap x86/ia32: Fix ia32_restore_sigcontext() AC leak x86/uaccess, signal: Fix AC=1 bloat x86/uaccess, ftrace: Fix ftrace_likely_update() vs. SMAP arm64: cpu_ops: fix a leaked reference by adding missing of_node_put scsi: ufs: Avoid configuring regulator with undefined voltage range scsi: ufs: Fix regulator load and icc-level configuration rtlwifi: fix potential NULL pointer dereference rtc: xgene: fix possible race condition brcmfmac: fix Oops when bringing up interface during USB disconnect brcmfmac: fix race during disconnect when USB completion is in progress brcmfmac: fix WARNING during USB disconnect in case of unempty psq brcmfmac: convert dev_init_lock mutex to completion b43: shut up clang -Wuninitialized variable warning brcmfmac: fix missing checks for kmemdup mwifiex: Fix mem leak in mwifiex_tm_cmd rtlwifi: fix a potential NULL pointer dereference iio: common: ssp_sensors: Initialize calculated_time in ssp_common_process_data iio: hmc5843: fix potential NULL pointer dereferences iio: ad_sigma_delta: Properly handle SPI bus locking vs CS assertion x86/build: Keep local relocations with ld.lld block: sed-opal: fix IOC_OPAL_ENABLE_DISABLE_MBR cpufreq: kirkwood: fix possible object reference leak cpufreq: pmac32: fix possible object reference leak cpufreq/pasemi: fix possible object reference leak cpufreq: ppc_cbe: fix possible object reference leak s390: cio: fix cio_irb declaration x86/microcode: Fix the ancient deprecated microcode loading method s390: zcrypt: initialize variables before_use clk: rockchip: Make rkpwm a critical clock on rk3288 extcon: arizona: Disable mic detect if running when driver is removed clk: rockchip: Fix video codec clocks on rk3288 PM / core: Propagate dev->power.wakeup_path when no callbacks drm/amdgpu: fix old fence check in amdgpu_fence_emit mmc: sdhci-of-esdhc: add erratum eSDHC-A001 and A-008358 support mmc: sdhci-of-esdhc: add erratum A-009204 support mmc: sdhci-of-esdhc: add erratum eSDHC5 support mmc_spi: add a status check for spi_sync_locked mmc: core: make pwrseq_emmc (partially) support sleepy GPIO controllers scsi: libsas: Do discovery on empty PHY to update PHY info hwmon: (f71805f) Use request_muxed_region for Super-IO accesses hwmon: (pc87427) Use request_muxed_region for Super-IO accesses hwmon: (smsc47b397) Use request_muxed_region for Super-IO accesses hwmon: (smsc47m1) Use request_muxed_region for Super-IO accesses hwmon: (vt1211) Use request_muxed_region for Super-IO accesses RDMA/cxgb4: Fix null pointer dereference on alloc_skb failure arm64: vdso: Fix clock_getres() for CLOCK_REALTIME i40e: don't allow changes to HW VLAN stripping on active port VLANs i40e: Able to add up to 16 MAC filters on an untrusted VF phy: sun4i-usb: Make sure to disable PHY0 passby for peripheral mode x86/irq/64: Limit IST stack overflow check to #DB stack USB: core: Don't unbind interfaces following device reset failure drm/msm: a5xx: fix possible object reference leak sched/core: Handle overflow in cpu_shares_write_u64 sched/rt: Check integer overflow at usec to nsec conversion sched/core: Check quota and period overflow at usec to nsec conversion cgroup: protect cgroup->nr_(dying_)descendants by css_set_lock random: add a spinlock_t to struct batched_entropy powerpc/64: Fix booting large kernels with STRICT_KERNEL_RWX powerpc/numa: improve control of topology updates media: pvrusb2: Prevent a buffer overflow media: au0828: Fix NULL pointer dereference in au0828_analog_stream_enable() media: stm32-dcmi: fix crash when subdev do not expose any formats audit: fix a memory leak bug media: ov2659: make S_FMT succeed even if requested format doesn't match media: au0828: stop video streaming only when last user stops media: ov6650: Move v4l2_clk_get() to ov6650_video_probe() helper media: coda: clear error return value before picture run dmaengine: at_xdmac: remove BUG_ON macro in tasklet clk: rockchip: undo several noc and special clocks as critical on rk3288 pinctrl: samsung: fix leaked of_node references pinctrl: pistachio: fix leaked of_node references HID: logitech-hidpp: use RAP instead of FAP to get the protocol version mm/uaccess: Use 'unsigned long' to placate UBSAN warnings on older GCC versions x86/mm: Remove in_nmi() warning from 64-bit implementation of vmalloc_fault() smpboot: Place the __percpu annotation correctly x86/build: Move _etext to actual end of .text vfio-ccw: Release any channel program when releasing/removing vfio-ccw mdev vfio-ccw: Do not call flush_workqueue while holding the spinlock bcache: avoid clang -Wunintialized warning bcache: add failure check to run_cache_set() for journal replay bcache: fix failure in journal relplay bcache: return error immediately in bch_journal_replay() crypto: sun4i-ss - Fix invalid calculation of hash end net: cw1200: fix a NULL pointer dereference mwifiex: prevent an array overflow ASoC: fsl_sai: Update is_slave_mode with correct value libbpf: fix samples/bpf build failure due to undefined UINT32_MAX mac80211/cfg80211: update bss channel on channel switch dmaengine: pl330: _stop: clear interrupt status w1: fix the resume command API scsi: qedi: Abort ep termination if offload not scheduled rtc: 88pm860x: prevent use-after-free on device remove iwlwifi: pcie: don't crash on invalid RX interrupt btrfs: Don't panic when we can't find a root key btrfs: fix panic during relocation after ENOSPC before writeback happens Btrfs: fix data bytes_may_use underflow with fallocate due to failed quota reserve scsi: qla2xxx: Avoid that lockdep complains about unsafe locking in tcm_qla2xxx_close_session() scsi: qla2xxx: Fix abort handling in tcm_qla2xxx_write_pending() scsi: qla2xxx: Fix a qla24xx_enable_msix() error path sched/cpufreq: Fix kobject memleak arm64: Fix compiler warning from pte_unmap() with -Wunused-but-set-variable ARM: vdso: Remove dependency with the arch_timer driver internals ACPI / property: fix handling of data_nodes in acpi_get_next_subnode() brcm80211: potential NULL dereference in brcmf_cfg80211_vndr_cmds_dcmd_handler() spi: pxa2xx: fix SCR (divisor) calculation ASoC: imx: fix fiq dependencies powerpc/boot: Fix missing check of lseek() return value powerpc/perf: Return accordingly on invalid chip-id in ASoC: hdmi-codec: unlock the device on startup errors pinctrl: zte: fix leaked of_node references net: ena: gcc 8: fix compilation warning dmaengine: tegra210-dma: free dma controller in remove() tools/bpf: fix perf build error with uClibc (seen on ARC) mmc: core: Verify SD bus width gfs2: Fix occasional glock use-after-free IB/hfi1: Fix WQ_MEM_RECLAIM warning NFS: make nfs_match_client killable cxgb4: Fix error path in cxgb4_init_module gfs2: Fix lru_count going negative Revert "btrfs: Honour FITRIM range constraints during free space trim" net: erspan: fix use-after-free at76c50x-usb: Don't register led_trigger if usb_register_driver failed batman-adv: mcast: fix multicast tt/tvlv worker locking bpf: devmap: fix use-after-free Read in __dev_map_entry_free ssb: Fix possible NULL pointer dereference in ssb_host_pcmcia_exit media: vivid: use vfree() instead of kfree() for dev->bitmap_cap media: serial_ir: Fix use-after-free in serial_ir_init_module media: cpia2: Fix use-after-free in cpia2_exit fbdev: fix WARNING in __alloc_pages_nodemask bug btrfs: honor path->skip_locking in backref code brcmfmac: add subtype check for event handling in data path brcmfmac: assure SSID length from firmware is limited hugetlb: use same fault hash key for shared and private mappings fbdev: fix divide error in fb_var_to_videomode btrfs: sysfs: don't leak memory when failing add fsid btrfs: sysfs: Fix error path kobject memory leak Btrfs: fix race between ranged fsync and writeback of adjacent ranges Btrfs: avoid fallback to transaction commit during fsync of files with holes Btrfs: do not abort transaction at btrfs_update_root() after failure to COW path gfs2: Fix sign extension bug in gfs2_update_stats arm64/iommu: handle non-remapped addresses in ->mmap and ->get_sgtable libnvdimm/namespace: Fix label tracking error libnvdimm/pmem: Bypass CONFIG_HARDENED_USERCOPY overhead kvm: svm/avic: fix off-by-one in checking host APIC ID mmc: sdhci-iproc: Set NO_HISPD bit to fix HS50 data hold time problem mmc: sdhci-iproc: cygnus: Set NO_HISPD bit to fix HS50 data hold time problem crypto: vmx - CTR: always increment IV as quadword Revert "scsi: sd: Keep disk read-only when re-reading partition" sbitmap: fix improper use of smp_mb__before_atomic() bio: fix improper use of smp_mb__before_atomic() KVM: x86: fix return value for reserved EFER f2fs: Fix use of number of devices ext4: do not delete unlinked inode from orphan list on failed truncate x86: Hide the int3_emulate_call/jmp functions from UML x86: Hide the int3_emulate_call/jmp functions from UML Linux 4.14.122 fbdev: sm712fb: fix memory frequency by avoiding a switch/case fallthrough btrfs: Honour FITRIM range constraints during free space trim bpf, lru: avoid messing with eviction heuristics upon syscall lookup bpf: add map_lookup_elem_sys_only for lookups from syscall side driver core: Postpone DMA tear-down until after devres release for probe failure md/raid: raid5 preserve the writeback action after the parity check Revert "Don't jump to compute_result state from check_result state" perf bench numa: Add define for RUSAGE_THREAD if not present ufs: fix braino in ufs_get_inode_gid() for solaris UFS flavour x86/mm/mem_encrypt: Disable all instrumentation for early SME setup sched/cpufreq: Fix kobject memleak iwlwifi: mvm: check for length correctness in iwl_mvm_create_skb() power: supply: sysfs: prevent endless uevent loop with CONFIG_POWER_SUPPLY_DEBUG KVM: arm/arm64: Ensure vcpu target is unset on reset failure mac80211: Fix kernel panic due to use of txq after free apparmorfs: fix use-after-free on symlink traversal securityfs: fix use-after-free on symlink traversal power: supply: cpcap-battery: Fix division by zero xfrm4: Fix uninitialized memory read in _decode_session4 esp4: add length check for UDP encapsulation vti4: ipip tunnel deregistration fixes. xfrm6_tunnel: Fix potential panic when unloading xfrm6_tunnel module xfrm: policy: Fix out-of-bound array accesses in __xfrm_policy_unlink dm delay: fix a crash when invalid device is specified dm zoned: Fix zone report handling dm cache metadata: Fix loading discard bitset PCI: Work around Pericom PCIe-to-PCI bridge Retrain Link erratum PCI: Factor out pcie_retrain_link() function PCI: Mark Atheros AR9462 to avoid bus reset PCI: Mark AMD Stoney Radeon R7 GPU ATS as broken fbdev: sm712fb: fix crashes and garbled display during DPMS modesetting fbdev: sm712fb: use 1024x768 by default on non-MIPS, fix garbled display fbdev: sm712fb: fix support for 1024x768-16 mode fbdev: sm712fb: fix crashes during framebuffer writes by correctly mapping VRAM fbdev: sm712fb: fix boot screen glitch when sm712fb replaces VGA fbdev: sm712fb: fix white screen of death on reboot, don't set CR3B-CR3F fbdev: sm712fb: fix VRAM detection, don't set SR70/71/74/75 fbdev: sm712fb: fix brightness control on reboot, don't set SR30 objtool: Allow AR to be overridden with HOSTAR perf intel-pt: Fix sample timestamp wrt non-taken branches perf intel-pt: Fix improved sample timestamp perf intel-pt: Fix instructions sampling rate memory: tegra: Fix integer overflow on tick value calculation tracing: Fix partial reading of trace event's id file ftrace/x86_64: Emulate call function while updating in breakpoint handler x86_64: Allow breakpoints to emulate call instructions x86_64: Add gap to int3 to allow for call emulation ceph: flush dirty inodes before proceeding with remount iommu/tegra-smmu: Fix invalid ASID bits on Tegra30/114 fuse: honor RLIMIT_FSIZE in fuse_file_fallocate fuse: fix writepages on 32bit clk: rockchip: fix wrong clock definitions for rk3328 clk: tegra: Fix PLLM programming on Tegra124+ when PMC overrides divider clk: hi3660: Mark clk_gate_ufs_subsys as critical PNFS fallback to MDS if no deviceid found NFS4: Fix v4.0 client state corruption when mount Revert "cifs: fix memory leak in SMB2_read" media: ov6650: Fix sensor possibly not detected on probe cifs: fix strcat buffer overflow and reduce raciness in smb21_set_oplock_level() of: fix clang -Wunsequenced for be32_to_cpu() p54: drop device reference count if fails to enable device intel_th: msu: Fix single mode with IOMMU md: add mddev->pers to avoid potential NULL pointer dereference stm class: Fix channel free in stm output free path parisc: Rename LEVEL to PA_ASM_LEVEL to avoid name clash with DRBD code parisc: Use PA_ASM_LEVEL in boot code parisc: Skip registering LED when running in QEMU parisc: Export running_on_qemu symbol for modules net: Always descend into dsa/ vsock/virtio: Initialize core virtio vsock before registering the driver tipc: fix modprobe tipc failed after switch order of device registration vsock/virtio: free packets during the socket release tipc: switch order of device registration to fix a crash ppp: deflate: Fix possible crash in deflate_init net: usb: qmi_wwan: add Telit 0x1260 and 0x1261 compositions net: test nouarg before dereferencing zerocopy pointers net/mlx4_core: Change the error print to info print net: avoid weird emergency message f2fs: link f2fs quota ops for sysfile Enable CONFIG_ION_SYSTEM_HEAP BACKPORT: gcov: clang support UPSTREAM: gcov: docs: add a note on GCC vs Clang differences UPSTREAM: gcov: clang: move common GCC code into gcc_base.c UPSTREAM: module: add stubs for within_module functions UPSTREAM: gcov: remove CONFIG_GCOV_FORMAT_AUTODETECT BACKPORT: kbuild: gcov: enable -fno-tree-loop-im if supported fs: sdcardfs: Add missing option to show_options Conflicts: Makefile arch/arm64/include/asm/pgtable.h drivers/scsi/ufs/ufshcd.c Change-Id: I0c79879b0989383949ff5a292a9923b668e4514f Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org> |
||
|
Reinhard Speyerer
|
065cf41592 |
qmi_wwan: extend permitted QMAP mux_id value range
[ Upstream commit 36815b416fa48766ac5a98e4b2dc3ebc5887222e ]
Permit mux_id values up to 254 to be used in qmimux_register_device()
for compatibility with ip(8) and the rmnet driver.
Fixes: c6adf77953bc ("net: usb: qmi_wwan: add qmap mux protocol support")
Cc: Daniele Palmas <dnlplm@gmail.com>
Signed-off-by: Reinhard Speyerer <rspmn@arcor.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
|
Reinhard Speyerer
|
4f8544dd54 |
qmi_wwan: avoid RCU stalls on device disconnect when in QMAP mode
[ Upstream commit a8fdde1cb830e560208af42b6c10750137f53eb3 ]
Switch qmimux_unregister_device() and qmi_wwan_disconnect() to
use unregister_netdevice_queue() and unregister_netdevice_many()
instead of unregister_netdevice(). This avoids RCU stalls which
have been observed on device disconnect in certain setups otherwise.
Fixes: c6adf77953bc ("net: usb: qmi_wwan: add qmap mux protocol support")
Cc: Daniele Palmas <dnlplm@gmail.com>
Signed-off-by: Reinhard Speyerer <rspmn@arcor.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
|
Reinhard Speyerer
|
0d34ea83b1 |
qmi_wwan: add support for QMAP padding in the RX path
[ Upstream commit 61356088ace1866a847a727d4d40da7bf00b67fc ]
The QMAP code in the qmi_wwan driver is based on the CodeAurora GobiNet
driver which does not process QMAP padding in the RX path correctly.
Add support for QMAP padding to qmimux_rx_fixup() according to the
description of the rmnet driver.
Fixes: c6adf77953bc ("net: usb: qmi_wwan: add qmap mux protocol support")
Cc: Daniele Palmas <dnlplm@gmail.com>
Signed-off-by: Reinhard Speyerer <rspmn@arcor.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
Kristian Evensen
|
5267bb9c17 |
qmi_wwan: Fix out-of-bounds read
commit 904d88d743b0c94092c5117955eab695df8109e8 upstream. The syzbot reported Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0xca/0x13e lib/dump_stack.c:113 print_address_description+0x67/0x231 mm/kasan/report.c:188 __kasan_report.cold+0x1a/0x32 mm/kasan/report.c:317 kasan_report+0xe/0x20 mm/kasan/common.c:614 qmi_wwan_probe+0x342/0x360 drivers/net/usb/qmi_wwan.c:1417 usb_probe_interface+0x305/0x7a0 drivers/usb/core/driver.c:361 really_probe+0x281/0x660 drivers/base/dd.c:509 driver_probe_device+0x104/0x210 drivers/base/dd.c:670 __device_attach_driver+0x1c2/0x220 drivers/base/dd.c:777 bus_for_each_drv+0x15c/0x1e0 drivers/base/bus.c:454 Caused by too many confusing indirections and casts. id->driver_info is a pointer stored in a long. We want the pointer here, not the address of it. Thanks-to: Hillf Danton <hdanton@sina.com> Reported-by: syzbot+b68605d7fadd21510de1@syzkaller.appspotmail.com Cc: Kristian Evensen <kristian.evensen@gmail.com> Fixes: e4bf63482c30 ("qmi_wwan: Add quirk for Quectel dynamic config") Signed-off-by: Bjørn Mork <bjorn@mork.no> [Upstream commit did not apply because I shuffled two lines in the backport. The fixes tag for 4.14 is 3a6a5107ceb3.] Signed-off-by: Kristian Evensen <kristian.evensen@gmail.com> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Blagovest Kolenichev
|
d4dcd34c67 |
Merge android-4.14.116 (85dc1a5) into msm-4.14
* refs/heads/tmp-85dc1a5:
Linux 4.14.116
leds: pca9532: fix a potential NULL pointer dereference
ptrace: take into account saved_sigmask in PTRACE{GET,SET}SIGMASK
iommu/amd: Reserve exclusion range in iova-domain
kconfig/[mn]conf: handle backspace (^H) key
gpio: of: Fix of_gpiochip_add() error path
libata: fix using DMA buffers on stack
scsi: zfcp: reduce flood of fcrscn1 trace records on multi-element RSCN
ceph: fix use-after-free on symlink traversal
usb: u132-hcd: fix resource leak
usb: usb251xb: fix to avoid potential NULL pointer dereference
scsi: qla4xxx: fix a potential NULL pointer dereference
drm/meson: Uninstall IRQ handler
drm/meson: Fix invalid pointer in meson_drv_unbind()
gpio: aspeed: fix a potential NULL pointer dereference
net: ethernet: ti: fix possible object reference leak
net: ibm: fix possible object reference leak
net: xilinx: fix possible object reference leak
NFS: Fix a typo in nfs_init_timeout_values()
ARM: dts: imx6qdl: Fix typo in imx6qdl-icore-rqs.dtsi
net/sched: don't dereference a->goto_chain to read the chain index
net: macb: Add null check for PCLK and HCLK
staging: rtlwifi: Fix potential NULL pointer dereference of kzalloc
staging: rtl8712: uninitialized memory in read_bbreg_hdl()
staging: rtlwifi: rtl8822b: fix to avoid potential NULL pointer dereference
staging: rtl8188eu: Fix potential NULL pointer dereference of kcalloc
net: ks8851: Set initial carrier state to down
net: ks8851: Delay requesting IRQ until opened
net: ks8851: Reassert reset pin if chip ID check fails
net: ks8851: Dequeue RX packets explicitly
ARM: dts: pfla02: increase phy reset duration
usb: gadget: net2272: Fix net2272_dequeue()
usb: gadget: net2280: Fix net2280_dequeue()
usb: gadget: net2280: Fix overrun of OUT messages
KVM: arm/arm64: vgic-its: Take the srcu lock when parsing the memslots
serial: ar933x_uart: Fix build failure with disabled console
sc16is7xx: missing unregister/delete driver on error in sc16is7xx_init()
s390/qeth: fix race when initializing the IP address table
netfilter: bridge: set skb transport_header before entering NF_INET_PRE_ROUTING
netfilter: nft_set_rbtree: check for inactive element after flag mismatch
qlcnic: Avoid potential NULL pointer dereference
s390: limit brk randomization to 32MB
ARM: dts: bcm283x: Fix hdmi hpd gpio pull
fs: prevent page refcount overflow in pipe_buf_get
mm: prevent get_user_pages() from overflowing page refcount
mm: add 'try_get_page()' helper function
mm: make page ref count overflow check tighter and more explicit
usbnet: ipheth: fix potential null pointer dereference in ipheth_carrier_set
usbnet: ipheth: prevent TX queue timeouts when device not ready
selinux: use kernel linux/socket.h for genheaders and mdp
Change-Id: I4c096d869f0c685cf3a107748bba0ffe3b20c029
Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org>
|
||
|
Blagovest Kolenichev
|
dc1d03db8d |
Merge android-4.14.114 (c680586) into msm-4.14
* refs/heads/tmp-c680586:
dm: Restore reverted changes
Linux 4.14.114
kernel/sysctl.c: fix out-of-bounds access when setting file-max
Revert "locking/lockdep: Add debug_locks check in __lock_downgrade()"
i2c-hid: properly terminate i2c_hid_dmi_desc_override_table[] array
xfs: hold xfs_buf locked between shortform->leaf conversion and the addition of an attribute
xfs: add the ability to join a held buffer to a defer_ops
iomap: report collisions between directio and buffered writes to userspace
tools include: Adopt linux/bits.h
percpu: stop printing kernel addresses
ALSA: info: Fix racy addition/deletion of nodes
mm/vmstat.c: fix /proc/vmstat format for CONFIG_DEBUG_TLBFLUSH=y CONFIG_SMP=n
device_cgroup: fix RCU imbalance in error case
sched/fair: Limit sched_cfs_period_timer() loop to avoid hard lockup
Revert "kbuild: use -Oz instead of -Os when using clang"
net: IP6 defrag: use rbtrees in nf_conntrack_reasm.c
net: IP6 defrag: use rbtrees for IPv6 defrag
ipv6: remove dependency of nf_defrag_ipv6 on ipv6 module
net: IP defrag: encapsulate rbtree defrag code into callable functions
ipv6: frags: fix a lockdep false positive
tpm/tpm_i2c_atmel: Return -E2BIG when the transfer is incomplete
modpost: file2alias: check prototype of handler
modpost: file2alias: go back to simple devtable lookup
mmc: sdhci: Handle auto-command errors
mmc: sdhci: Rename SDHCI_ACMD12_ERR and SDHCI_INT_ACMD12ERR
mmc: sdhci: Fix data command CRC error handling
crypto: crypto4xx - properly set IV after de- and encrypt
x86/speculation: Prevent deadlock on ssb_state::lock
perf/x86: Fix incorrect PEBS_REGS
x86/cpu/bugs: Use __initconst for 'const' init data
perf/x86/amd: Add event map for AMD Family 17h
mac80211: do not call driver wake_tx_queue op during reconfig
rt2x00: do not increment sequence number while re-transmitting
kprobes: Fix error check when reusing optimized probes
kprobes: Mark ftrace mcount handler functions nokprobe
x86/kprobes: Verify stack frame on kretprobe
arm64: futex: Restore oldval initialization to work around buggy compilers
crypto: x86/poly1305 - fix overflow during partial reduction
coredump: fix race condition between mmget_not_zero()/get_task_mm() and core dumping
Revert "svm: Fix AVIC incomplete IPI emulation"
Revert "scsi: fcoe: clear FC_RP_STARTED flags when receiving a LOGO"
scsi: core: set result when the command cannot be dispatched
ALSA: core: Fix card races between register and disconnect
ALSA: hda/realtek - add two more pin configuration sets to quirk table
staging: comedi: ni_usb6501: Fix possible double-free of ->usb_rx_buf
staging: comedi: ni_usb6501: Fix use of uninitialized mutex
staging: comedi: vmk80xx: Fix possible double-free of ->usb_rx_buf
staging: comedi: vmk80xx: Fix use of uninitialized semaphore
io: accel: kxcjk1013: restore the range after resume.
iio: core: fix a possible circular locking dependency
iio: adc: at91: disable adc channel interrupt in timeout case
iio: Fix scan mask selection
iio: dac: mcp4725: add missing powerdown bits in store eeprom
iio: ad_sigma_delta: select channel when reading register
iio: cros_ec: Fix the maths for gyro scale calculation
iio/gyro/bmg160: Use millidegrees for temperature scale
iio: gyro: mpu3050: fix chip ID reading
staging: iio: ad7192: Fix ad7193 channel address
Staging: iio: meter: fixed typo
KVM: x86: svm: make sure NMI is injected after nmi_singlestep
KVM: x86: Don't clear EFER during SMM transitions for 32-bit vCPU
CIFS: keep FileInfo handle live during oplock break
net: thunderx: don't allow jumbo frames with XDP
net: thunderx: raise XDP MTU to 1508
ipv4: ensure rcu_read_lock() in ipv4_link_failure()
ipv4: recompile ip options in ipv4_link_failure
vhost: reject zero size iova range
team: set slave to promisc if team is already in promisc mode
tcp: tcp_grow_window() needs to respect tcp_space()
net: fou: do not use guehdr after iptunnel_pull_offloads in gue_udp_recv
net: bridge: multicast: use rcu to access port list from br_multicast_start_querier
net: bridge: fix per-port af_packet sockets
net: atm: Fix potential Spectre v1 vulnerabilities
bonding: fix event handling for stacked bonds
ANDROID: cuttlefish_defconfig: Enable CONFIG_XFRM_STATISTICS
Linux 4.14.113
appletalk: Fix compile regression
mm: hide incomplete nr_indirectly_reclaimable in sysfs
net: stmmac: Set dma ring length before enabling the DMA
bpf: Fix selftests are changes for CVE 2019-7308
bpf: fix sanitation rewrite in case of non-pointers
bpf: do not restore dst_reg when cur_state is freed
bpf: fix inner map masking to prevent oob under speculation
bpf: fix sanitation of alu op with pointer / scalar type from different paths
bpf: prevent out of bounds speculation on pointer arithmetic
bpf: fix check_map_access smin_value test when pointer contains offset
bpf: restrict unknown scalars of mixed signed bounds for unprivileged
bpf: restrict stack pointer arithmetic for unprivileged
bpf: restrict map value pointer arithmetic for unprivileged
bpf: enable access to ax register also from verifier rewrite
bpf: move tmp variable into ax register in interpreter
bpf: move {prev_,}insn_idx into verifier env
bpf: fix stack state printing in verifier log
bpf: fix verifier NULL pointer dereference
bpf: fix verifier memory leaks
bpf: reduce verifier memory consumption
dm: disable CRYPTO_TFM_REQ_MAY_SLEEP to fix a GFP_KERNEL recursion deadlock
bpf: fix use after free in bpf_evict_inode
include/linux/swap.h: use offsetof() instead of custom __swapoffset macro
lib/div64.c: off by one in shift
appletalk: Fix use-after-free in atalk_proc_exit
drm/amdkfd: use init_mqd function to allocate object for hid_mqd (CI)
ARM: 8839/1: kprobe: make patch_lock a raw_spinlock_t
drm/nouveau/volt/gf117: fix speedo readout register
coresight: cpu-debug: Support for CA73 CPUs
Revert "ACPI / EC: Remove old CLEAR_ON_RESUME quirk"
crypto: axis - fix for recursive locking from bottom half
drm/panel: panel-innolux: set display off in innolux_panel_unprepare
lkdtm: Add tests for NULL pointer dereference
lkdtm: Print real addresses
soc/tegra: pmc: Drop locking from tegra_powergate_is_powered()
iommu/dmar: Fix buffer overflow during PCI bus notification
crypto: sha512/arm - fix crash bug in Thumb2 build
crypto: sha256/arm - fix crash bug in Thumb2 build
kernel: hung_task.c: disable on suspend
cifs: fallback to older infolevels on findfirst queryinfo retry
compiler.h: update definition of unreachable()
KVM: nVMX: restore host state in nested_vmx_vmexit for VMFail
ACPI / SBS: Fix GPE storm on recent MacBookPro's
usbip: fix vhci_hcd controller counting
ARM: samsung: Limit SAMSUNG_PM_CHECK config option to non-Exynos platforms
HID: i2c-hid: override HID descriptors for certain devices
media: au0828: cannot kfree dev before usb disconnect
powerpc/pseries: Remove prrn_work workqueue
serial: uartps: console_setup() can't be placed to init section
netfilter: xt_cgroup: shrink size of v2 path
f2fs: fix to do sanity check with current segment number
9p locks: add mount option for lock retry interval
9p: do not trust pdu content for stat item size
rsi: improve kernel thread handling to fix kernel panic
gpio: pxa: handle corner case of unprobed device
ext4: prohibit fstrim in norecovery mode
fix incorrect error code mapping for OBJECTID_NOT_FOUND
x86/hw_breakpoints: Make default case in hw_breakpoint_arch_parse() return an error
iommu/vt-d: Check capability before disabling protected memory
drm/nouveau/debugfs: Fix check of pm_runtime_get_sync failure
x86/cpu/cyrix: Use correct macros for Cyrix calls on Geode processors
x86/hpet: Prevent potential NULL pointer dereference
irqchip/mbigen: Don't clear eventid when freeing an MSI
perf tests: Fix a memory leak in test__perf_evsel__tp_sched_test()
perf tests: Fix memory leak by expr__find_other() in test__expr()
perf tests: Fix a memory leak of cpu_map object in the openat_syscall_event_on_all_cpus test
perf evsel: Free evsel->counts in perf_evsel__exit()
perf hist: Add missing map__put() in error case
perf top: Fix error handling in cmd_top()
perf build-id: Fix memory leak in print_sdt_events()
perf config: Fix a memory leak in collect_config()
perf config: Fix an error in the config template documentation
perf list: Don't forget to drop the reference to the allocated thread_map
tools/power turbostat: return the exit status of a command
x86/mm: Don't leak kernel addresses
scsi: iscsi: flush running unbind operations when removing a session
thermal/intel_powerclamp: fix truncated kthread name
thermal/int340x_thermal: fix mode setting
thermal/int340x_thermal: Add additional UUIDs
thermal: bcm2835: Fix crash in bcm2835_thermal_debugfs
thermal/intel_powerclamp: fix __percpu declaration of worker_data
ALSA: opl3: fix mismatch between snd_opl3_drum_switch definition and declaration
mmc: davinci: remove extraneous __init annotation
IB/mlx4: Fix race condition between catas error reset and aliasguid flows
auxdisplay: hd44780: Fix memory leak on ->remove()
ALSA: sb8: add a check for request_region
ALSA: echoaudio: add a check for ioremap_nocache
ext4: report real fs size after failed resize
ext4: add missing brelse() in add_new_gdb_meta_bg()
perf/core: Restore mmap record type correctly
arc: hsdk_defconfig: Enable CONFIG_BLK_DEV_RAM
ARC: u-boot args: check that magic number is correct
ANDROID: cuttlefish_defconfig: Enable L2TP/PPTP
ANDROID: Makefile: Properly resolve 4.14.112 merge
Make arm64 serial port config compatible with crosvm
Linux 4.14.112
arm64: dts: rockchip: Fix vcc_host1_5v GPIO polarity on rk3328-rock64
arm64: dts: rockchip: fix vcc_host1_5v pin assign on rk3328-rock64
dm table: propagate BDI_CAP_STABLE_WRITES to fix sporadic checksum errors
PCI: Add function 1 DMA alias quirk for Marvell 9170 SATA controller
x86/perf/amd: Remove need to check "running" bit in NMI handler
x86/perf/amd: Resolve NMI latency issues for active PMCs
x86/perf/amd: Resolve race condition when disabling PMC
xtensa: fix return_address
sched/fair: Do not re-read ->h_load_next during hierarchical load calculation
xen: Prevent buffer overflow in privcmd ioctl
arm64: backtrace: Don't bother trying to unwind the userspace stack
arm64: dts: rockchip: fix rk3328 rgmii high tx error rate
arm64: futex: Fix FUTEX_WAKE_OP atomic ops with non-zero result value
ARM: dts: at91: Fix typo in ISC_D0 on PC9
ARM: dts: am335x-evm: Correct the regulators for the audio codec
ARM: dts: am335x-evmsk: Correct the regulators for the audio codec
virtio: Honour 'may_reduce_num' in vring_create_virtqueue
genirq: Initialize request_mutex if CONFIG_SPARSE_IRQ=n
genirq: Respect IRQCHIP_SKIP_SET_WAKE in irq_chip_set_wake_parent()
block: fix the return errno for direct IO
block: do not leak memory in bio_copy_user_iov()
btrfs: prop: fix vanished compression property after failed set
btrfs: prop: fix zstd compression parameter validation
Btrfs: do not allow trimming when a fs is mounted with the nologreplay option
ASoC: fsl_esai: fix channel swap issue when stream starts
include/linux/bitrev.h: fix constant bitrev
drm/udl: add a release method and delay modeset teardown
alarmtimer: Return correct remaining time
parisc: regs_return_value() should return gpr28
parisc: Detect QEMU earlier in boot process
arm64: dts: rockchip: fix rk3328 sdmmc0 write errors
hv_netvsc: Fix unwanted wakeup after tx_disable
ip6_tunnel: Match to ARPHRD_TUNNEL6 for dev type
ALSA: seq: Fix OOB-reads from strlcpy
net: ethtool: not call vzalloc for zero sized memory request
netns: provide pure entropy for net_hash_mix()
net/sched: act_sample: fix divide by zero in the traffic path
bnxt_en: Reset device on RX buffer errors.
bnxt_en: Improve RX consumer index validity check.
nfp: validate the return code from dev_queue_xmit()
net/mlx5e: Add a lock on tir list
net/mlx5e: Fix error handling when refreshing TIRs
vrf: check accept_source_route on the original netdevice
tcp: Ensure DCTCP reacts to losses
sctp: initialize _pad of sockaddr_in before copying to user memory
qmi_wwan: add Olicard 600
openvswitch: fix flow actions reallocation
net/sched: fix ->get helper of the matchall cls
net: rds: force to destroy connection if t_sock is NULL in rds_tcp_kill_sock().
net/mlx5: Decrease default mr cache size
net-gro: Fix GRO flush when receiving a GSO packet.
kcm: switch order of device registration to fix a crash
ipv6: sit: reset ip header pointer in ipip6_rcv
ipv6: Fix dangling pointer when ipv6 fragment
tty: ldisc: add sysctl to prevent autoloading of ldiscs
tty: mark Siemens R3964 line discipline as BROKEN
arm64: kaslr: Reserve size of ARM64_MEMSTART_ALIGN in linear region
stating: ccree: revert "staging: ccree: fix leak of import() after init()"
lib/string.c: implement a basic bcmp
x86/vdso: Drop implicit common-page-size linker flag
x86: vdso: Use $LD instead of $CC to link
kbuild: clang: choose GCC_TOOLCHAIN_DIR not on LD
powerpc/tm: Limit TM code inside PPC_TRANSACTIONAL_MEM
drm/i915/gvt: do not let pin count of shadow mm go negative
x86/power: Make restore_processor_context() sane
x86/power/32: Move SYSENTER MSR restoration to fix_processor_context()
x86/power/64: Use struct desc_ptr for the IDT in struct saved_context
x86/power: Fix some ordering bugs in __restore_processor_context()
net: sfp: move sfp_register_socket call from sfp_remove to sfp_probe
Revert "CHROMIUM: dm: boot time specification of dm="
Revert "ANDROID: dm: do_mounts_dm: Rebase on top of 4.9"
Revert "ANDROID: dm: do_mounts_dm: fix dm_substitute_devices()"
Revert "ANDROID: dm: do_mounts_dm: Update init/do_mounts_dm.c to the latest ChromiumOS version."
sched/fair: remove printk while schedule is in progress
ANDROID: Makefile: Add '-fsplit-lto-unit' to cfi-clang-flags
ANDROID: cfi: Remove unused variable in ptr_to_check_fn
ANDROID: cuttlefish_defconfig: Enable CONFIG_FUSE_FS
Conflicts:
arch/arm64/kernel/traps.c
drivers/mmc/host/sdhci.c
drivers/mmc/host/sdhci.h
drivers/tty/Kconfig
kernel/sched/fair.c
Change-Id: Ic4c01204f58cdb536e2cab04e4f1a2451977f6a3
Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org>
|
||
Bernd Eckstein
|
ba1cf86bdf |
usbnet: ipheth: fix racing condition
[ Upstream commit 94d250fae48e6f873d8362308f5c4d02cd1b1fd2 ] Fix a racing condition in ipheth.c that can lead to slow performance. Bug: In ipheth_tx(), netif_wake_queue() may be called on the callback ipheth_sndbulk_callback(), _before_ netif_stop_queue() is called. When this happens, the queue is stopped longer than it needs to be, thus reducing network performance. Fix: Move netif_stop_queue() in front of usb_submit_urb(). Now the order is always correct. In case, usb_submit_urb() fails, the queue is woken up again as callback will not fire. Testing: This racing condition is usually not noticeable, as it has to occur very frequently to slowdown the network. The callback from the USB is usually triggered slow enough, so the situation does not appear. However, on a Ubuntu Linux on VMWare Workstation, running on Windows 10, the we loose the race quite often and the following speedup can be noticed: Without this patch: Download: 4.10 Mbit/s, Upload: 4.01 Mbit/s With this patch: Download: 36.23 Mbit/s, Upload: 17.61 Mbit/s Signed-off-by: Oliver Zweigle <Oliver.Zweigle@faro.com> Signed-off-by: Bernd Eckstein <3ernd.Eckstein@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Kristian Evensen
|
3a6a5107ce |
qmi_wwan: Add quirk for Quectel dynamic config
commit e4bf63482c309287ca84d91770ffa7dcc18e37eb upstream. Most, if not all, Quectel devices use dynamic interface numbers, and users are able to change the USB configuration at will. Matching on for example interface number is therefore not possible. Instead, the QMI device can be identified by looking at the interface class, subclass and protocol (all 0xff), as well as the number of endpoints. The reason we need to look at the number of endpoints, is that the diagnostic port interface has the same class, subclass and protocol as QMI. However, the diagnostic port only has two endpoints, while QMI has three. Until now, we have identified the QMI device by combining a match on class, subclass and protocol, with a call to the function quectel_diag_detect(). In quectel_diag_detect(), we check if the number of endpoints matches for known Quectel vendor/product ids. Adding new vendor/product ids to quectel_diag_detect() is not a good long-term solution. This commit replaces the function with a quirk, and applies the quirk to affected Quectel devices that I have been able to test the change with (EP06, EM12 and EC25). If the quirk is set and the number of endpoints equal two, we return from qmi_wwan_probe() with -ENODEV. [In order for this patch to apply cleanly to 4.14, two minor changes had to be made. First, the original work-around (quectel_diag_detect()) for the dynamic interface numbers was never backported to 4.14, so there is no need to remove this code. Second, support for the EM12 was also not backported to 4.14. Since supporting EM12 is a trivial change (just another VID/PID match), and the match for EM12 is changed by this patch, I chose to not submit adding EM12-support as a separate patch.] Signed-off-by: Kristian Evensen <kristian.evensen@gmail.com> Acked-by: Bjørn Mork <bjorn@mork.no> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Kloetzke Jan
|
4f6d1607ec |
usbnet: fix kernel crash after disconnect
[ Upstream commit ad70411a978d1e6e97b1e341a7bde9a79af0c93d ] When disconnecting cdc_ncm the kernel sporadically crashes shortly after the disconnect: [ 57.868812] Unable to handle kernel NULL pointer dereference at virtual address 00000000 ... [ 58.006653] PC is at 0x0 [ 58.009202] LR is at call_timer_fn+0xec/0x1b4 [ 58.013567] pc : [<0000000000000000>] lr : [<ffffff80080f5130>] pstate: 00000145 [ 58.020976] sp : ffffff8008003da0 [ 58.024295] x29: ffffff8008003da0 x28: 0000000000000001 [ 58.029618] x27: 000000000000000a x26: 0000000000000100 [ 58.034941] x25: 0000000000000000 x24: ffffff8008003e68 [ 58.040263] x23: 0000000000000000 x22: 0000000000000000 [ 58.045587] x21: 0000000000000000 x20: ffffffc68fac1808 [ 58.050910] x19: 0000000000000100 x18: 0000000000000000 [ 58.056232] x17: 0000007f885aff8c x16: 0000007f883a9f10 [ 58.061556] x15: 0000000000000001 x14: 000000000000006e [ 58.066878] x13: 0000000000000000 x12: 00000000000000ba [ 58.072201] x11: ffffffc69ff1db30 x10: 0000000000000020 [ 58.077524] x9 : 8000100008001000 x8 : 0000000000000001 [ 58.082847] x7 : 0000000000000800 x6 : ffffff8008003e70 [ 58.088169] x5 : ffffffc69ff17a28 x4 : 00000000ffff138b [ 58.093492] x3 : 0000000000000000 x2 : 0000000000000000 [ 58.098814] x1 : 0000000000000000 x0 : 0000000000000000 ... [ 58.205800] [< (null)>] (null) [ 58.210521] [<ffffff80080f5298>] expire_timers+0xa0/0x14c [ 58.215937] [<ffffff80080f542c>] run_timer_softirq+0xe8/0x128 [ 58.221702] [<ffffff8008081120>] __do_softirq+0x298/0x348 [ 58.227118] [<ffffff80080a6304>] irq_exit+0x74/0xbc [ 58.232009] [<ffffff80080e17dc>] __handle_domain_irq+0x78/0xac [ 58.237857] [<ffffff8008080cf4>] gic_handle_irq+0x80/0xac ... The crash happens roughly 125..130ms after the disconnect. This correlates with the 'delay' timer that is started on certain USB tx/rx errors in the URB completion handler. The problem is a race of usbnet_stop() with usbnet_start_xmit(). In usbnet_stop() we call usbnet_terminate_urbs() to cancel all URBs in flight. This only makes sense if no new URBs are submitted concurrently, though. But the usbnet_start_xmit() can run at the same time on another CPU which almost unconditionally submits an URB. The error callback of the new URB will then schedule the timer after it was already stopped. The fix adds a check if the tx queue is stopped after the tx list lock has been taken. This should reliably prevent the submission of new URBs while usbnet_terminate_urbs() does its job. The same thing is done on the rx side even though it might be safe due to other flags that are checked there. Signed-off-by: Jan Klötzke <Jan.Kloetzke@preh.de> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Daniele Palmas
|
6833b82fbe |
net: usb: qmi_wwan: add Telit 0x1260 and 0x1261 compositions
[ Upstream commit b4e467c82f8c12af78b6f6fa5730cb7dea7af1b4 ] Added support for Telit LE910Cx 0x1260 and 0x1261 compositions. Signed-off-by: Daniele Palmas <dnlplm@gmail.com> Acked-by: Bjørn Mork <bjorn@mork.no> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Blagovest Kolenichev
|
070370f0ae |
Merge android-4.14.108 (4344de2) into msm-4.14
* refs/heads/tmp-4344de2: Linux 4.14.108 s390/setup: fix boot crash for machine without EDAT-1 KVM: nVMX: Ignore limit checks on VMX instructions using flat segments KVM: nVMX: Apply addr size mask to effective address for VMX instructions KVM: nVMX: Sign extend displacements of VMX instr's mem operands KVM: x86/mmu: Do not cache MMIO accesses while memslots are in flux KVM: x86/mmu: Detect MMIO generation wrap in any address space KVM: Call kvm_arch_memslots_updated() before updating memslots drm/radeon/evergreen_cs: fix missing break in switch statement media: imx: csi: Stop upstream before disabling IDMA channel media: imx: csi: Disable CSI immediately after last EOF media: vimc: Add vimc-streamer for stream control media: uvcvideo: Avoid NULL pointer dereference at the end of streaming media: imx: prpencvf: Stop upstream before disabling IDMA channel rcu: Do RCU GP kthread self-wakeup from softirq and interrupt tpm: Unify the send callback behaviour tpm/tpm_crb: Avoid unaligned reads in crb_recv() md: Fix failed allocation of md_register_thread perf intel-pt: Fix divide by zero when TSC is not available perf intel-pt: Fix overlap calculation for padding perf auxtrace: Define auxtrace record alignment perf intel-pt: Fix CYC timestamp calculation after OVF x86/unwind/orc: Fix ORC unwind table alignment bcache: never writeback a discard operation PM / wakeup: Rework wakeup source timer cancellation NFSv4.1: Reinitialise sequence results before retransmitting a request nfsd: fix wrong check in write_v4_end_grace() nfsd: fix memory corruption caused by readdir NFS: Don't recoalesce on error in nfs_pageio_complete_mirror() NFS: Fix an I/O request leakage in nfs_do_recoalesce NFS: Fix I/O request leakages cpcap-charger: generate events for userspace dm integrity: limit the rate of error messages dm: fix to_sector() for 32bit arm64: KVM: Fix architecturally invalid reset value for FPEXC32_EL2 arm64: debug: Ensure debug handlers check triggering exception level arm64: Fix HCR.TGE status for NMI contexts ARM: s3c24xx: Fix boolean expressions in osiris_dvs_notify powerpc/traps: Fix the message printed when stack overflows powerpc/traps: fix recoverability of machine check handling on book3s/32 powerpc/hugetlb: Don't do runtime allocation of 16G pages in LPAR configuration powerpc/ptrace: Simplify vr_get/set() to avoid GCC warning powerpc: Fix 32-bit KVM-PR lockup and host crash with MacOS guest powerpc/83xx: Also save/restore SPRG4-7 during suspend powerpc/powernv: Make opal log only readable by root powerpc/wii: properly disable use of BATs when requested. powerpc/32: Clear on-stack exception marker upon exception return security/selinux: fix SECURITY_LSM_NATIVE_LABELS on reused superblock jbd2: fix compile warning when using JBUFFER_TRACE jbd2: clear dirty flag when revoking a buffer from an older transaction serial: 8250_pci: Have ACCES cards that use the four port Pericom PI7C9X7954 chip use the pci_pericom_setup() serial: 8250_pci: Fix number of ports for ACCES serial cards serial: 8250_of: assume reg-shift of 2 for mrvl,mmp-uart serial: uartps: Fix stuck ISR if RX disabled with non-empty FIFO drm/i915: Relax mmap VMA check crypto: arm64/aes-neonbs - fix returning final keystream block i2c: tegra: fix maximum transfer size parport_pc: fix find_superio io compare code, should use equal test. intel_th: Don't reference unassigned outputs device property: Fix the length used in PROPERTY_ENTRY_STRING() kernel/sysctl.c: add missing range check in do_proc_dointvec_minmax_conv mm/vmalloc: fix size check for remap_vmalloc_range_partial() mm: hwpoison: fix thp split handing in soft_offline_in_use_page() nfit: acpi_nfit_ctl(): Check out_obj->type in the right place usb: chipidea: tegra: Fix missed ci_hdrc_remove_device() clk: ingenic: Fix doc of ingenic_cgu_div_info clk: ingenic: Fix round_rate misbehaving with non-integer dividers clk: clk-twl6040: Fix imprecise external abort for pdmclk clk: uniphier: Fix update register for CPU-gear ext2: Fix underflow in ext2_max_size() cxl: Wrap iterations over afu slices inside 'afu_list_lock' IB/hfi1: Close race condition on user context disable and close ext4: fix crash during online resizing ext4: add mask of ext4 flags to swap cpufreq: pxa2xx: remove incorrect __init annotation cpufreq: tegra124: add missing of_node_put() x86/kprobes: Prohibit probing on optprobe template code irqchip/gic-v3-its: Avoid parsing _indirect_ twice for Device table libertas_tf: don't set URB_ZERO_PACKET on IN USB transfer crypto: pcbc - remove bogus memcpy()s with src == dest Btrfs: fix corruption reading shared and compressed extents after hole punching btrfs: ensure that a DUP or RAID1 block group has exactly two stripes Btrfs: setup a nofs context for memory allocation at __btrfs_set_acl m68k: Add -ffreestanding to CFLAGS splice: don't merge into linked buffers fs/devpts: always delete dcache dentry-s in dput() scsi: target/iscsi: Avoid iscsit_release_commands_from_conn() deadlock scsi: sd: Optimal I/O size should be a multiple of physical block size scsi: aacraid: Fix performance issue on logical drives scsi: virtio_scsi: don't send sc payload with tmfs s390/virtio: handle find on invalid queue gracefully s390/setup: fix early warning messages clocksource/drivers/exynos_mct: Clear timer interrupt when shutdown clocksource/drivers/exynos_mct: Move one-shot check from tick clear to ISR regulator: s2mpa01: Fix step values for some LDOs regulator: max77620: Initialize values for DT properties regulator: s2mps11: Fix steps for buck7, buck8 and LDO35 spi: pxa2xx: Setup maximum supported DMA transfer length spi: ti-qspi: Fix mmap read when more than one CS in use mmc: sdhci-esdhc-imx: fix HS400 timing issue ACPI / device_sysfs: Avoid OF modalias creation for removed device xen: fix dom0 boot on huge systems tracing: Do not free iter->trace in fail path of tracing_open_pipe() tracing: Use strncpy instead of memcpy for string keys in hist triggers CIFS: Fix read after write for files with read caching CIFS: Do not reset lease state to NONE on lease break crypto: arm64/aes-ccm - fix bugs in non-NEON fallback routine crypto: arm64/aes-ccm - fix logical bug in AAD MAC handling crypto: testmgr - skip crc32c context test for ahash algorithms crypto: hash - set CRYPTO_TFM_NEED_KEY if ->setkey() fails crypto: arm64/crct10dif - revert to C code for short inputs crypto: arm/crct10dif - revert to C code for short inputs fix cgroup_do_mount() handling of failure exits libnvdimm: Fix altmap reservation size calculation libnvdimm/pmem: Honor force_raw for legacy pmem regions libnvdimm, pfn: Fix over-trim in trim_pfn_device() libnvdimm/label: Clear 'updating' flag after label-set update stm class: Prevent division by zero media: videobuf2-v4l2: drop WARN_ON in vb2_warn_zero_bytesused() tmpfs: fix uninitialized return value in shmem_link net: set static variable an initial value in atl2_probe() nfp: bpf: fix ALU32 high bits clearance bug nfp: bpf: fix code-gen bug on BPF_ALU | BPF_XOR | BPF_K net: thunderx: make CFG_DONE message to run through generic send-ack sequence mac80211_hwsim: propagate genlmsg_reply return code phonet: fix building with clang ARCv2: support manual regfile save on interrupts ARC: uacces: remove lp_start, lp_end from clobber list ARCv2: lib: memcpy: fix doing prefetchw outside of buffer ixgbe: fix older devices that do not support IXGBE_MRQC_L3L4TXSWEN tmpfs: fix link accounting when a tmpfile is linked in net: marvell: mvneta: fix DMA debug warning arm64: Relax GIC version check during early boot qed: Fix iWARP syn packet mac address validation. ASoC: topology: free created components in tplg load error mailbox: bcm-flexrm-mailbox: Fix FlexRM ring flush timeout issue net: mv643xx_eth: disable clk on error path in mv643xx_eth_shared_probe() qmi_wwan: apply SET_DTR quirk to Sierra WP7607 pinctrl: meson: meson8b: fix the sdxc_a data 1..3 pins net: systemport: Fix reception of BPDUs scsi: libiscsi: Fix race between iscsi_xmit_task and iscsi_complete_task keys: Fix dependency loop between construction record and auth key assoc_array: Fix shortcut creation af_key: unconditionally clone on broadcast ARM: 8824/1: fix a migrating irq bug when hotplug cpu esp: Skip TX bytes accounting when sending from a request socket clk: sunxi: A31: Fix wrong AHB gate number clk: sunxi-ng: v3s: Fix TCON reset de-assert bit Input: st-keyscan - fix potential zalloc NULL dereference auxdisplay: ht16k33: fix potential user-after-free on module unload i2c: bcm2835: Clear current buffer pointers and counts after a transfer i2c: cadence: Fix the hold bit setting net: hns: Fix object reference leaks in hns_dsaf_roce_reset() mm: page_alloc: fix ref bias in page_frag_alloc() for 1-byte allocs Revert "mm: use early_pfn_to_nid in page_ext_init" mm/gup: fix gup_pmd_range() for dax NFS: Don't use page_file_mapping after removing the page floppy: check_events callback should not return a negative number ipvs: fix dependency on nf_defrag_ipv6 mac80211: Fix Tx aggregation session tear down with ITXQs Input: matrix_keypad - use flush_delayed_work() Input: ps2-gpio - flush TX work when closing port Input: cap11xx - switch to using set_brightness_blocking() ARM: OMAP2+: fix lack of timer interrupts on CPU1 after hotplug KVM: arm/arm64: Reset the VCPU without preemption and vcpu state loaded ASoC: rsnd: fixup rsnd_ssi_master_clk_start() user count check ASoC: dapm: fix out-of-bounds accesses to DAPM lookup tables ARM: OMAP2+: Variable "reg" in function omap4_dsi_mux_pads() could be uninitialized Input: pwm-vibra - stop regulator after disabling pwm, not before Input: pwm-vibra - prevent unbalanced regulator s390/dasd: fix using offset into zero size array error gpu: ipu-v3: Fix CSI offsets for imx53 drm/imx: imx-ldb: add missing of_node_puts gpu: ipu-v3: Fix i.MX51 CSI control registers offset drm/imx: ignore plane updates on disabled crtcs crypto: rockchip - update new iv to device in multiple operations crypto: rockchip - fix scatterlist nents error crypto: ahash - fix another early termination in hash walk crypto: caam - fixed handling of sg list stm class: Fix an endless loop in channel allocation iio: adc: exynos-adc: Fix NULL pointer exception on unbind ASoC: fsl_esai: fix register setting issue in RIGHT_J mode 9p/net: fix memory leak in p9_client_create 9p: use inode->i_lock to protect i_size_write() under 32-bit FROMLIST: psi: introduce psi monitor FROMLIST: refactor header includes to allow kthread.h inclusion in psi_types.h FROMLIST: psi: track changed states FROMLIST: psi: split update_stats into parts FROMLIST: psi: rename psi fields in preparation for psi trigger addition FROMLIST: psi: make psi_enable static FROMLIST: psi: introduce state_mask to represent stalled psi states ANDROID: cuttlefish_defconfig: Enable CONFIG_INPUT_MOUSEDEV ANDROID: cuttlefish_defconfig: Enable CONFIG_PSI BACKPORT: kernel: cgroup: add poll file operation BACKPORT: fs: kernfs: add poll file operation UPSTREAM: psi: avoid divide-by-zero crash inside virtual machines UPSTREAM: psi: clarify the Kconfig text for the default-disable option UPSTREAM: psi: fix aggregation idle shut-off UPSTREAM: psi: fix reference to kernel commandline enable UPSTREAM: psi: make disabling/enabling easier for vendor kernels UPSTREAM: kernel/sched/psi.c: simplify cgroup_move_task() BACKPORT: psi: cgroup support UPSTREAM: psi: pressure stall information for CPU, memory, and IO UPSTREAM: sched: introduce this_rq_lock_irq() UPSTREAM: sched: sched.h: make rq locking and clock functions available in stats.h UPSTREAM: sched: loadavg: make calc_load_n() public BACKPORT: sched: loadavg: consolidate LOAD_INT, LOAD_FRAC, CALC_LOAD UPSTREAM: delayacct: track delays from thrashing cache pages UPSTREAM: mm: workingset: tell cache transitions from workingset thrashing sched/fair: fix energy compute when a cluster is only a cpu core in multi-cluster system Conflicts: arch/arm/kernel/irq.c drivers/scsi/sd.c include/linux/sched.h include/uapi/linux/taskstats.h kernel/sched/Makefile sound/soc/soc-dapm.c Change-Id: I12ebb57a34da9101ee19458d7e1f96ecc769c39a Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org> |
||
Gustavo A. R. Silva
|
b41449d9be |
usbnet: ipheth: fix potential null pointer dereference in ipheth_carrier_set
commit 61c59355e0154a938b28710dfa6c1d8be2ddcefa upstream.
_dev_ is being dereferenced before it is null checked, hence there
is a potential null pointer dereference.
Fix this by moving the pointer dereference after _dev_ has been null
checked.
Addresses-Coverity-ID: 1462020
Fixes: bb1b40c7cb86 ("usbnet: ipheth: prevent TX queue timeouts when device not ready")
Signed-off-by: Gustavo A. R. Silva <garsilva@embeddedor.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
Alexander Kappner
|
f5bca75dc4 |
usbnet: ipheth: prevent TX queue timeouts when device not ready
commit bb1b40c7cb863f0800a6410c7dcb86cf3f28d3b1 upstream.
iOS devices require the host to be "trusted" before servicing network
packets. Establishing trust requires the user to confirm a dialog on the
iOS device.Until trust is established, the iOS device will silently discard
network packets from the host. Currently, the ipheth driver does not detect
whether an iOS device has established trust with the host, and immediately
sets up the transmit queues.
This causes the following problems:
- Kernel taint due to WARN() in netdev watchdog.
- Dmesg spam ("TX timeout").
- Disruption of user space networking activity (dhcpd, etc...) when new
interface comes up but cannot be used.
- Unnecessary host and device wakeups and USB traffic
Example dmesg output:
[ 1101.319778] NETDEV WATCHDOG: eth1 (ipheth): transmit queue 0 timed out
[ 1101.319817] ------------[ cut here ]------------
[ 1101.319828] WARNING: CPU: 0 PID: 0 at net/sched/sch_generic.c:316 dev_watchdog+0x20f/0x220
[ 1101.319831] Modules linked in: ipheth usbmon nvidia_drm(PO) nvidia_modeset(PO) nvidia(PO) iwlmvm mac80211 iwlwifi btusb btrtl btbcm btintel qmi_wwan bluetooth cfg80211 ecdh_generic thinkpad_acpi rfkill [last unloaded: ipheth]
[ 1101.319861] CPU: 0 PID: 0 Comm: swapper/0 Tainted: P O 4.13.12.1 #1
[ 1101.319864] Hardware name: LENOVO 20ENCTO1WW/20ENCTO1WW, BIOS N1EET62W (1.35 ) 11/10/2016
[ 1101.319867] task: ffffffff81e11500 task.stack: ffffffff81e00000
[ 1101.319873] RIP: 0010:dev_watchdog+0x20f/0x220
[ 1101.319876] RSP: 0018:ffff8810a3c03e98 EFLAGS: 00010292
[ 1101.319880] RAX: 000000000000003a RBX: 0000000000000000 RCX: 0000000000000000
[ 1101.319883] RDX: ffff8810a3c15c48 RSI: ffffffff81ccbfc2 RDI: 00000000ffffffff
[ 1101.319886] RBP: ffff880c04ebc41c R08: 0000000000000000 R09: 0000000000000379
[ 1101.319889] R10: 00000100696589d0 R11: 0000000000000378 R12: ffff880c04ebc000
[ 1101.319892] R13: 0000000000000000 R14: 0000000000000001 R15: ffff880c2865fc80
[ 1101.319896] FS: 0000000000000000(0000) GS:ffff8810a3c00000(0000) knlGS:0000000000000000
[ 1101.319899] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1101.319902] CR2: 00007f3ff24ac000 CR3: 0000000001e0a000 CR4: 00000000003406f0
[ 1101.319905] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1101.319908] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1101.319910] Call Trace:
[ 1101.319914] <IRQ>
[ 1101.319921] ? dev_graft_qdisc+0x70/0x70
[ 1101.319928] ? dev_graft_qdisc+0x70/0x70
[ 1101.319934] ? call_timer_fn+0x2e/0x170
[ 1101.319939] ? dev_graft_qdisc+0x70/0x70
[ 1101.319944] ? run_timer_softirq+0x1ea/0x440
[ 1101.319951] ? timerqueue_add+0x54/0x80
[ 1101.319956] ? enqueue_hrtimer+0x38/0xa0
[ 1101.319963] ? __do_softirq+0xed/0x2e7
[ 1101.319970] ? irq_exit+0xb4/0xc0
[ 1101.319976] ? smp_apic_timer_interrupt+0x39/0x50
[ 1101.319981] ? apic_timer_interrupt+0x8c/0xa0
[ 1101.319983] </IRQ>
[ 1101.319992] ? cpuidle_enter_state+0xfa/0x2a0
[ 1101.319999] ? do_idle+0x1a3/0x1f0
[ 1101.320004] ? cpu_startup_entry+0x5f/0x70
[ 1101.320011] ? start_kernel+0x444/0x44c
[ 1101.320017] ? early_idt_handler_array+0x120/0x120
[ 1101.320023] ? x86_64_start_kernel+0x145/0x154
[ 1101.320028] ? secondary_startup_64+0x9f/0x9f
[ 1101.320033] Code: 20 04 00 00 eb 9f 4c 89 e7 c6 05 59 44 71 00 01 e8 a7 df fd ff 89 d9 4c 89 e6 48 c7 c7 70 b7 cd 81 48 89 c2 31 c0 e8 97 64 90 ff <0f> ff eb bf 66 66 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00
[ 1101.320103] ---[ end trace 0cc4d251e2b57080 ]---
[ 1101.320110] ipheth 1-5:4.2: ipheth_tx_timeout: TX timeout
The last message "TX timeout" is repeated every 5 seconds until trust is
established or the device is disconnected, filling up dmesg.
The proposed patch eliminates the problem by, upon connection, keeping the
TX queue and carrier disabled until a packet is first received from the iOS
device. This is reflected by the confirmed_pairing variable in the device
structure. Only after at least one packet has been received from the iOS
device, the transmit queue and carrier are brought up during the periodic
device poll in ipheth_carrier_set. Because the iOS device will always send
a packet immediately upon trust being established, this should not delay
the interface becoming useable. To prevent failed UBRs in
ipheth_rcvbulk_callback from perpetually re-enabling the queue if it was
disabled, a new check is added so only successful transfers re-enable the
queue, whereas failed transfers only trigger an immediate poll.
This has the added benefit of removing the periodic control requests to the
iOS device until trust has been established and thus should reduce wakeup
events on both the host and the iOS device.
Signed-off-by: Alexander Kappner <agk@godking.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
[groeck: Fixed context conflict seen because 45611c61dd50 was applied first]
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Bjørn Mork
|
be7e16e566 |
qmi_wwan: add Olicard 600
[ Upstream commit 6289d0facd9ebce4cc83e5da39e15643ee998dc5 ] This is a Qualcomm based device with a QMI function on interface 4. It is mode switched from 2020:2030 using a standard eject message. T: Bus=01 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#= 6 Spd=480 MxCh= 0 D: Ver= 2.00 Cls=00(>ifc ) Sub=00 Prot=00 MxPS=64 #Cfgs= 1 P: Vendor=2020 ProdID=2031 Rev= 2.32 S: Manufacturer=Mobile Connect S: Product=Mobile Connect S: SerialNumber=0123456789ABCDEF C:* #Ifs= 6 Cfg#= 1 Atr=80 MxPwr=500mA I:* If#= 0 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=(none) E: Ad=81(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=01(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms I:* If#= 1 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=(none) E: Ad=83(I) Atr=03(Int.) MxPS= 10 Ivl=32ms E: Ad=82(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=02(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms I:* If#= 2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=(none) E: Ad=85(I) Atr=03(Int.) MxPS= 10 Ivl=32ms E: Ad=84(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=03(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms I:* If#= 3 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=(none) E: Ad=87(I) Atr=03(Int.) MxPS= 10 Ivl=32ms E: Ad=86(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=04(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms I:* If#= 4 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=ff Driver=(none) E: Ad=89(I) Atr=03(Int.) MxPS= 8 Ivl=32ms E: Ad=88(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=05(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms I:* If#= 5 Alt= 0 #EPs= 2 Cls=08(stor.) Sub=06 Prot=50 Driver=(none) E: Ad=8a(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=06(O) Atr=02(Bulk) MxPS= 512 Ivl=125us Signed-off-by: Bjørn Mork <bjorn@mork.no> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Beniamino Galvani
|
f647070b1e |
qmi_wwan: apply SET_DTR quirk to Sierra WP7607
[ Upstream commit 97dc47a1308a3af46a09b1546cfb869f2e382a81 ] The 1199:68C0 USB ID is reused by Sierra WP7607 which requires the DTR quirk to be detected. Apply QMI_QUIRK_SET_DTR unconditionally as already done for other IDs shared between different devices. Signed-off-by: Beniamino Galvani <bgalvani@redhat.com> Acked-by: Bjørn Mork <bjorn@mork.no> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
qctecmdr Service
|
b552aaf68a | Merge "Merge android-4.14-p.105 (e742253) into msm-4.14" | ||
|
Blagovest Kolenichev
|
57c2bb95b7 |
Merge android-4.14-p.105 (e742253) into msm-4.14
* refs/heads/tmp-e742253: Linux 4.14.105 x86/uaccess: Don't leak the AC flag into __put_user() value evaluation MIPS: eBPF: Fix icache flush end address MIPS: fix truncation in __cmpxchg_small for short values mm: enforce min addr even if capable() in expand_downwards() mmc: sdhci-esdhc-imx: correct the fix of ERR004536 mmc: tmio: fix access width of Block Count Register mmc: tmio_mmc_core: don't claim spurious interrupts mmc: spi: Fix card detection during probe powerpc: Always initialize input array when calling epapr_hypercall() KVM: nSVM: clear events pending from svm_complete_interrupts() when exiting to L1 svm: Fix AVIC incomplete IPI emulation cfg80211: extend range deviation for DMG mac80211: Add attribute aligned(2) to struct 'action' mac80211: don't initiate TDLS connection if station is not associated to AP ibmveth: Do not process frames after calling napi_reschedule net: dev_is_mac_header_xmit() true for ARPHRD_RAWIP net: usb: asix: ax88772_bind return error when hw_reset fail hv_netvsc: Fix ethtool change hash key error net: altera_tse: fix connect_local_phy error path scsi: csiostor: fix NULL pointer dereference in csio_vport_set_state() writeback: synchronize sync(2) against cgroup writeback membership switches direct-io: allow direct writes to empty inodes staging: android: ion: Support cpu access during dma_buf_detach serial: fsl_lpuart: fix maximum acceptable baud rate with over-sampling drm/amd/powerplay: OD setting fix on Vega10 locking/rwsem: Fix (possible) missed wakeup futex: Fix (possible) missed wakeup sched/wait: Fix rcuwait_wake_up() ordering mac80211: fix miscounting of ttl-dropped frames staging: rtl8723bs: Fix build error with Clang when inlining is disabled drivers: thermal: int340x_thermal: Fix sysfs race condition ARC: fix __ffs return value to avoid build warnings selftests: gpio-mockup-chardev: Check asprintf() for error selftests: seccomp: use LDLIBS instead of LDFLAGS ASoC: imx-audmux: change snprintf to scnprintf for possible overflow ASoC: dapm: change snprintf to scnprintf for possible overflow genirq: Make sure the initial affinity is not empty usb: gadget: Potential NULL dereference on allocation error usb: dwc3: gadget: Fix the uninitialized link_state when udc starts usb: dwc3: gadget: synchronize_irq dwc irq in suspend thermal: int340x_thermal: Fix a NULL vs IS_ERR() check clk: vc5: Abort clock configuration without upstream clock ASoC: Variable "val" in function rt274_i2c_probe() could be uninitialized ALSA: compress: prevent potential divide by zero bugs ASoC: Intel: Haswell/Broadwell: fix setting for .dynamic field drm/msm: Unblock writer if reader closes file scsi: libsas: Fix rphy phy_identifier for PHYs with end devices attached net: stmmac: Disable ACS Feature for GMAC >= 4 net: stmmac: Fix reception of Broadcom switches tags Revert "loop: Fold __loop_release into loop_release" Revert "loop: Get rid of loop_index_mutex" Revert "loop: Fix double mutex_unlock(&loop_ctl_mutex) in loop_control_ioctl()" FROMGIT: binder: create node flag to request sender's security context Modify include/uapi/linux/android/binder.h, as commit: FROMGIT: binder: create node flag to request sender's security context introduces enums and structures, which are already defined in other userspace files that include the binder uapi file. Thus, the redeclaration of these enums and structures can lead to build errors. To avoid this, guard the redundant declarations in the uapi header with the __KERNEL__ header guard, so they are not exported to userspace. Conflicts: drivers/gpu/drm/msm/msm_rd.c drivers/staging/android/ion/ion.c include/uapi/linux/android/binder.h sound/core/compress_offload.c Change-Id: I5d470f222a6a1baa284813a11f847cfcbe6ee0a6 Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org> Signed-off-by: Isaac J. Manjarres <isaacm@codeaurora.org> |